diff -Nru openssl-1.1.1l/debian/changelog openssl-1.1.1l/debian/changelog --- openssl-1.1.1l/debian/changelog 2021-08-25 00:19:05.000000000 +0200 +++ openssl-1.1.1l/debian/changelog 2021-09-04 09:59:56.000000000 +0200 @@ -1,3 +1,34 @@ +openssl (1.1.1l-1ubuntu1) impish; urgency=low + + * Merge from Debian unstable. Remaining changes: + - Replace duplicate files in the doc directory with symlinks. + - debian/libssl1.1.postinst: + + Display a system restart required notification on libssl1.1 + upgrade on servers, unless needrestart is available. + + Use a different priority for libssl1.1/restart-services depending + on whether a desktop, or server dist-upgrade is being performed. + + Skip services restart & reboot notification if needrestart is in-use. + + Bump version check to to 1.1.1. + + Import libraries/restart-without-asking template as used by above. + - Revert "Enable system default config to enforce TLS1.2 as a + minimum" & "Increase default security level from 1 to 2". + - Reword the NEWS entry, as applicable on Ubuntu. + - Cherrypick s390x SIMD acceleration patches for poly1305 and chacha20 + and ECC from master. + - Use perl:native in the autopkgtest for installability on i386. + - Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security + level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions + below 1.2 and update documentation. Previous default of 1, can be set + by calling SSL_CTX_set_security_level(), SSL_set_security_level() or + using ':@SECLEVEL=1' CipherString value in openssl.cfg. + - Import https://github.com/openssl/openssl/pull/12272.patch to enable + CET. + - Add support for building with noudeb build profile. + * Dropped changes: + - Cherry-pick an upstream patch to fix s390x AES code + + -- Simon Chopin Fri, 10 Sep 2021 09:59:56 +0200 + openssl (1.1.1l-1) unstable; urgency=medium * New upstream version. 
@@ -6,6 +37,40 @@ -- Sebastian Andrzej Siewior Wed, 25 Aug 2021 00:19:05 +0200 +openssl (1.1.1k-1ubuntu1) impish; urgency=low + + * Merge from Debian unstable (LP: #1939544). Remaining changes: + - Replace duplicate files in the doc directory with symlinks. + - debian/libssl1.1.postinst: + + Display a system restart required notification on libssl1.1 + upgrade on servers, unless needrestart is available. + + Use a different priority for libssl1.1/restart-services depending + on whether a desktop, or server dist-upgrade is being performed. + + Skip services restart & reboot notification if needrestart is in-use. + + Bump version check to to 1.1.1. + + Import libraries/restart-without-asking template as used by above. + - Revert "Enable system default config to enforce TLS1.2 as a + minimum" & "Increase default security level from 1 to 2". + - Reword the NEWS entry, as applicable on Ubuntu. + - Cherrypick s390x SIMD acceleration patches for poly1305 and chacha20 + and ECC from master. + - Use perl:native in the autopkgtest for installability on i386. + - Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security + level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions + below 1.2 and update documentation. Previous default of 1, can be set + by calling SSL_CTX_set_security_level(), SSL_set_security_level() or + using ':@SECLEVEL=1' CipherString value in openssl.cfg. + - Import https://github.com/openssl/openssl/pull/12272.patch to enable + CET. + - Add support for building with noudeb build profile. + * Dropped changes, superseded upstream: + - SECURITY UPDATE: NULL pointer deref in signature_algorithms processing + -> CVE-2021-3449 + - SECURITY UPDATE: CA cert check bypass with X509_V_FLAG_X509_STRICT + -> CVE-2021-3450 + + -- Simon Chopin Wed, 11 Aug 2021 13:00:48 +0200 + openssl (1.1.1k-1) unstable; urgency=medium * New upstream version. 
@@ -14,6 +79,84 @@ -- Sebastian Andrzej Siewior Thu, 25 Mar 2021 21:49:34 +0100 +openssl (1.1.1j-1ubuntu5) impish; urgency=medium + + * Cherry-pick an upstream patch to fix s390x AES code (LP: #1931994) + + -- Simon Chopin Fri, 23 Jul 2021 14:32:42 +0200 + +openssl (1.1.1j-1ubuntu4) impish; urgency=medium + + * Split d/p/pr12272.patch into multiple patchfiles to fix dpkg-source + error when attempting to build a source package, due to pr12272.patch + patching files multiple times within the same patch. (LP: #1927161) + - d/p/lp-1927161-1-x86-Add-endbranch-to-indirect-branch-targets-fo.patch + - d/p/lp-1927161-2-Use-swapcontext-for-Intel-CET.patch + - d/p/lp-1927161-3-x86-Always-generate-note-gnu-property-section-f.patch + - d/p/lp-1927161-4-x86_64-Always-generate-note-gnu-property-sectio.patch + - d/p/lp-1927161-5-x86_64-Add-endbranch-at-function-entries-for-In.patch + + -- Matthew Ruffell Wed, 05 May 2021 11:49:27 +1200 + +openssl (1.1.1j-1ubuntu3) hirsute; urgency=medium + + * SECURITY UPDATE: NULL pointer deref in signature_algorithms processing + - debian/patches/CVE-2021-3449-1.patch: fix NULL pointer dereference in + ssl/statem/extensions.c. + - debian/patches/CVE-2021-3449-2.patch: teach TLSProxy how to encrypt + <= TLSv1.2 ETM records in util/perl/TLSProxy/Message.pm. + - debian/patches/CVE-2021-3449-3.patch: add a test to + test/recipes/70-test_renegotiation.t. + - debian/patches/CVE-2021-3449-4.patch: ensure buffer/length pairs are + always in sync in ssl/s3_lib.c, ssl/ssl_lib.c, + ssl/statem/extensions.c, ssl/statem/extensions_clnt.c, + ssl/statem/statem_clnt.c, ssl/statem/statem_srvr.c. + - CVE-2021-3449 + * SECURITY UPDATE: CA cert check bypass with X509_V_FLAG_X509_STRICT + - debian/patches/CVE-2021-3450-1.patch: do not override error return + value by check_curve in crypto/x509/x509_vfy.c, + test/verify_extra_test.c. + - debian/patches/CVE-2021-3450-2.patch: fix return code check in + crypto/x509/x509_vfy.c. 
+ - CVE-2021-3450 + + -- Marc Deslauriers Thu, 25 Mar 2021 11:44:30 -0400 + +openssl (1.1.1j-1ubuntu2) hirsute; urgency=medium + + * No-change upload to pick up lto. + + -- Matthias Klose Tue, 23 Mar 2021 15:24:20 +0100 + +openssl (1.1.1j-1ubuntu1) hirsute; urgency=medium + + * Merge from Debian unstable. Remaining changes: + - Replace duplicate files in the doc directory with symlinks. + - debian/libssl1.1.postinst: + + Display a system restart required notification on libssl1.1 + upgrade on servers, unless needrestart is available. + + Use a different priority for libssl1.1/restart-services depending + on whether a desktop, or server dist-upgrade is being performed. + + Skip services restart & reboot notification if needrestart is in-use. + + Bump version check to to 1.1.1. + + Import libraries/restart-without-asking template as used by above. + - Revert "Enable system default config to enforce TLS1.2 as a + minimum" & "Increase default security level from 1 to 2". + - Reword the NEWS entry, as applicable on Ubuntu. + - Cherrypick s390x SIMD acceleration patches for poly1305 and chacha20 + and ECC from master. + - Use perl:native in the autopkgtest for installability on i386. + - Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security + level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions + below 1.2 and update documentation. Previous default of 1, can be set + by calling SSL_CTX_set_security_level(), SSL_set_security_level() or + using ':@SECLEVEL=1' CipherString value in openssl.cfg. + - Import https://github.com/openssl/openssl/pull/12272.patch to enable + CET. + * Add support for building with noudeb build profile. + + -- Dimitri John Ledkov Tue, 23 Feb 2021 22:01:12 +0000 + openssl (1.1.1j-1) unstable; urgency=medium * New upstream version. 
@@ -23,6 +166,42 @@ -- Sebastian Andrzej Siewior Tue, 16 Feb 2021 20:50:01 +0100 +openssl (1.1.1i-3ubuntu2) hirsute; urgency=medium + + * No-change rebuild to drop the udeb package. + + -- Matthias Klose Mon, 22 Feb 2021 10:35:47 +0100 + +openssl (1.1.1i-3ubuntu1) hirsute; urgency=medium + + * Merge from Debian unstable. Remaining changes: + - Replace duplicate files in the doc directory with symlinks. + - debian/libssl1.1.postinst: + + Display a system restart required notification on libssl1.1 + upgrade on servers, unless needrestart is available. + + Use a different priority for libssl1.1/restart-services depending + on whether a desktop, or server dist-upgrade is being performed. + + Skip services restart & reboot notification if needrestart is in-use. + + Bump version check to to 1.1.1. + + Import libraries/restart-without-asking template as used by above. + - Revert "Enable system default config to enforce TLS1.2 as a + minimum" & "Increase default security level from 1 to 2". + - Reword the NEWS entry, as applicable on Ubuntu. + - Cherrypick s390x SIMD acceleration patches for poly1305 and chacha20 + and ECC from master. + - Use perl:native in the autopkgtest for installability on i386. + - Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security + level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions + below 1.2 and update documentation. Previous default of 1, can be set + by calling SSL_CTX_set_security_level(), SSL_set_security_level() or + using ':@SECLEVEL=1' CipherString value in openssl.cfg. + - Import https://github.com/openssl/openssl/pull/12272.patch to enable + CET. + + * Drop many patches included upstream. + + -- Dimitri John Ledkov Mon, 08 Feb 2021 11:08:21 +0000 + openssl (1.1.1i-3) unstable; urgency=medium * Cherry-pick a patch from upstream to address #13931. 
@@ -59,6 +238,87 @@ -- Sebastian Andrzej Siewior Tue, 21 Apr 2020 21:45:21 +0200 +openssl (1.1.1f-1ubuntu5) hirsute; urgency=medium + + * SECURITY UPDATE: EDIPARTYNAME NULL pointer de-ref + - debian/patches/CVE-2020-1971-1.patch: use explicit tagging for + DirectoryString in crypto/x509v3/v3_genn.c. + - debian/patches/CVE-2020-1971-2.patch: correctly compare EdiPartyName + in crypto/x509v3/v3_genn.c. + - debian/patches/CVE-2020-1971-3.patch: check that multi-strings/CHOICE + types don't use implicit tagging in crypto/asn1/asn1_err.c, + crypto/asn1/tasn_dec.c, crypto/err/openssl.txt, + include/openssl/asn1err.h. + - debian/patches/CVE-2020-1971-4.patch: complain if we are attempting + to encode with an invalid ASN.1 template in crypto/asn1/asn1_err.c, + crypto/asn1/tasn_enc.c, crypto/err/openssl.txt, + include/openssl/asn1err.h. + - debian/patches/CVE-2020-1971-5.patch: add a test for GENERAL_NAME_cmp + in test/v3nametest.c. + - debian/patches/CVE-2020-1971-6.patch: add a test for + encoding/decoding using an invalid ASN.1 Template in + test/asn1_decode_test.c, test/asn1_encode_test.c. + - CVE-2020-1971 + + -- Marc Deslauriers Tue, 08 Dec 2020 12:33:52 -0500 + +openssl (1.1.1f-1ubuntu4) groovy; urgency=medium + + * Cherrypick upstream fix for non-interactive detection on Linux. LP: + #1879826 + * Cherrypick AES CTR-DRGB: performance improvement LP: #1799928 + * Skip services restart & reboot notification if needrestart is in-use + LP: #1895708 + + -- Dimitri John Ledkov Tue, 15 Sep 2020 18:04:36 +0100 + +openssl (1.1.1f-1ubuntu3) groovy; urgency=medium + + * Import https://github.com/openssl/openssl/pull/12272.patch to enable + CET. + + -- Dimitri John Ledkov Thu, 25 Jun 2020 14:18:43 +0100 + +openssl (1.1.1f-1ubuntu2) focal; urgency=medium + + * SECURITY UPDATE: Segmentation fault in SSL_check_chain + - debian/patches/CVE-2020-1967-1.patch: add test for CVE-2020-1967 in + test/recipes/70-test_sslsigalgs.t. 
+ - debian/patches/CVE-2020-1967-2.patch: fix NULL dereference in + SSL_check_chain() for TLS 1.3 in ssl/t1_lib.c. + - debian/patches/CVE-2020-1967-3.patch: fix test in + test/recipes/70-test_sslsigalgs.t. + - debian/patches/CVE-2020-1967-4.patch: fix test in + test/recipes/70-test_sslsigalgs.t. + - CVE-2020-1967 + + -- Marc Deslauriers Mon, 20 Apr 2020 07:53:50 -0400 + +openssl (1.1.1f-1ubuntu1) focal; urgency=low + + * Merge from Debian unstable. Remaining changes: + - Replace duplicate files in the doc directory with symlinks. + - debian/libssl1.1.postinst: + + Display a system restart required notification on libssl1.1 + upgrade on servers. + + Use a different priority for libssl1.1/restart-services depending + on whether a desktop, or server dist-upgrade is being performed. + + Bump version check to to 1.1.1. + + Import libraries/restart-without-asking template as used by above. + - Revert "Enable system default config to enforce TLS1.2 as a + minimum" & "Increase default security level from 1 to 2". + - Reword the NEWS entry, as applicable on Ubuntu. + - Cherrypick s390x SIMD acceleration patches for poly1305 and chacha20 + and ECC from master. + - Use perl:native in the autopkgtest for installability on i386. + - Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security + level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions + below 1.2 and update documentation. Previous default of 1, can be set + by calling SSL_CTX_set_security_level(), SSL_set_security_level() or + using ':@SECLEVEL=1' CipherString value in openssl.cfg. + + -- Dimitri John Ledkov Fri, 03 Apr 2020 18:31:00 +0100 + openssl (1.1.1f-1) unstable; urgency=medium * New upstream version 
@@ -79,6 +339,50 @@ -- Sebastian Andrzej Siewior Wed, 18 Mar 2020 20:59:39 +0100 +openssl (1.1.1d-2ubuntu6) focal; urgency=medium + + * Revert version number change to 1.1.1e-dev. + + -- Dimitri John Ledkov Fri, 06 Mar 2020 04:08:51 +0000 + +openssl (1.1.1d-2ubuntu4) focal; urgency=medium + + * Apply 1_1_1-stable branch patches + * Apply s390x ECC assembly pack improvements + + -- Dimitri John Ledkov Wed, 26 Feb 2020 21:54:47 +0000 + +openssl (1.1.1d-2ubuntu3) focal; urgency=medium + + * Use perl:native in the autopkgtest for installability on i386. + + -- Dimitri John Ledkov Thu, 16 Jan 2020 14:15:26 +0000 + +openssl (1.1.1d-2ubuntu2) focal; urgency=low + + * Merge from Debian unstable. Remaining changes: + - Replace duplicate files in the doc directory with symlinks. + - debian/libssl1.1.postinst: + + Display a system restart required notification on libssl1.1 + upgrade on servers. + + Use a different priority for libssl1.1/restart-services depending + on whether a desktop, or server dist-upgrade is being performed. + + Bump version check to to 1.1.1. + + Import libraries/restart-without-asking template as used by above. + - Revert "Enable system default config to enforce TLS1.2 as a + minimum" & "Increase default security level from 1 to 2". + - Reword the NEWS entry, as applicable on Ubuntu. + - Cherrypick s390x SIMD acceleration patches for poly1305 and chacha20 + from master. + + * Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security + level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions + below 1.2 and update documentation. Previous default of 1, can be set + by calling SSL_CTX_set_security_level(), SSL_set_security_level() or + using ':@SECLEVEL=1' CipherString value in openssl.cfg. + + -- Dimitri John Ledkov Wed, 08 Jan 2020 17:17:41 +0000 + openssl (1.1.1d-2) unstable; urgency=medium * Reenable AES-CBC-HMAC-SHA ciphers (Closes: #941987). 
@@ -97,6 +401,47 @@ -- Sebastian Andrzej Siewior Sat, 14 Sep 2019 00:38:12 +0200 +openssl (1.1.1c-1ubuntu4) eoan; urgency=medium + + * Cherrypick s390x SIMD acceleration patches for poly1305 and chacha20 + from master. LP: #1736705 LP: #1736704 + + -- Dimitri John Ledkov Tue, 20 Aug 2019 12:46:33 +0100 + +openssl (1.1.1c-1ubuntu3) eoan; urgency=medium + + * Import libraries/restart-without-asking as used in postinst, to + prevent failure to configure the package without debconf database. LP: + #1832919 + + -- Dimitri John Ledkov Thu, 20 Jun 2019 17:59:55 +0100 + +openssl (1.1.1c-1ubuntu2) eoan; urgency=medium + + * Bump major version of OpenSSL in postinst to trigger services restart + upon upgrade. Many services listed there must be restarted when + upgrading 1.1.0 to 1.1.1. LP: #1832522 + * Fix path to Xorg for reboot notifications on desktop. LP: #1832421 + + -- Dimitri John Ledkov Thu, 13 Jun 2019 15:29:07 +0100 + +openssl (1.1.1c-1ubuntu1) eoan; urgency=low + + * Merge from Debian unstable. Remaining changes: + - Replace duplicate files in the doc directory with symlinks. + - debian/libssl1.1.postinst: + + Display a system restart required notification on libssl1.1 + upgrade on servers. + + Use a different priority for libssl1.1/restart-services depending + on whether a desktop, or server dist-upgrade is being performed. + - Revert "Enable system default config to enforce TLS1.2 as a + minimum" & "Increase default security level from 1 to 2". + - Drop the NEWS entry, not applicable on Ubuntu. + * Cherrypick upstream patch to fix ca -spkac output to be text again + LP: #1828215 + + -- Dimitri John Ledkov Mon, 10 Jun 2019 18:11:35 +0100 + openssl (1.1.1c-1) unstable; urgency=medium * New upstream version 
@@ -105,6 +450,21 @@ -- Sebastian Andrzej Siewior Thu, 30 May 2019 17:27:48 +0200 +openssl (1.1.1b-2ubuntu1) devel; urgency=medium + + * Merge from Debian unstable, remaining changes: + - Replace duplicate files in the doc directory with symlinks. + - debian/libssl1.1.postinst: + + Display a system restart required notification on libssl1.1 + upgrade on servers. + + Use a different priority for libssl1.1/restart-services depending + on whether a desktop, or server dist-upgrade is being performed. + - Revert "Enable system default config to enforce TLS1.2 as a + minimum" & "Increase default security level from 1 to 2". + - Drop the NEWS entry, not applicable on Ubuntu. + + -- Dimitri John Ledkov Wed, 17 Apr 2019 17:26:42 +0100 + openssl (1.1.1b-2) unstable; urgency=medium * Fix BUF_MEM regression (Closes: #923516) 
@@ -113,6 +473,33 @@ -- Kurt Roeckx Tue, 16 Apr 2019 21:31:11 +0200 +openssl (1.1.1b-1ubuntu2) disco; urgency=medium + + * debian/rules: Ship openssl.cnf in libssl1.1-udeb, as required to use + OpenSSL by other udebs, e.g. wget-udeb. LP: #1822898 + + * Drop debian/patches/UBUNTU-lower-tls-security-level-for-compat.patch + to revert TLS_SECURITY_LEVEL back to 1. LP: #1822984 + + -- Dimitri John Ledkov Wed, 03 Apr 2019 11:50:23 +0100 + +openssl (1.1.1b-1ubuntu1) disco; urgency=medium + + * Merge from Debian unstable, remaining changes: + - Replace duplicate files in the doc directory with symlinks. + - debian/libssl1.1.postinst: + + Display a system restart required notification on libssl1.1 + upgrade on servers. + + Use a different priority for libssl1.1/restart-services depending + on whether a desktop, or server dist-upgrade is being performed. + - Revert "Enable system default config to enforce TLS1.2 as a + minimum" & "Increase default security level from 1 to 2". + - Further decrease security level from 1 to 0, for compatibility with + openssl 1.0.2. + - Drop the NEWS entry, not applicable on Ubuntu. + + -- Dimitri John Ledkov Wed, 27 Feb 2019 18:13:17 -0500 + openssl (1.1.1b-1) unstable; urgency=medium [ Sebastian Andrzej Siewior ] 
@@ -124,6 +511,28 @@ -- Kurt Roeckx Tue, 26 Feb 2019 19:52:12 +0100 +openssl (1.1.1a-1ubuntu2) disco; urgency=medium + + * Drop the NEWS entry, not applicable on Ubuntu. + + -- Dimitri John Ledkov Wed, 28 Nov 2018 14:24:28 +0000 + +openssl (1.1.1a-1ubuntu1) disco; urgency=medium + + * Merge from Debian unstable, remaining changes: + - Replace duplicate files in the doc directory with symlinks. + - debian/libssl1.1.postinst: + + Display a system restart required notification on libssl1.1 + upgrade on servers. + + Use a different priority for libssl1.1/restart-services depending + on whether a desktop, or server dist-upgrade is being performed. + - Revert "Enable system default config to enforce TLS1.2 as a + minimum" & "Increase default security level from 1 to 2". + - Further decrease security level from 1 to 0, for compatibility with + openssl 1.0.2. + + -- Dimitri John Ledkov Wed, 28 Nov 2018 14:06:04 +0000 + openssl (1.1.1a-1) unstable; urgency=medium * Add Breaks on python-boto (See: #909545) 
@@ -147,6 +556,28 @@ -- Sebastian Andrzej Siewior Sun, 28 Oct 2018 23:52:24 +0100 +openssl (1.1.1-1ubuntu2) cosmic; urgency=medium + + * Fixup typpos in the autopkgtest binary name. + + -- Dimitri John Ledkov Tue, 25 Sep 2018 15:41:07 +0100 + +openssl (1.1.1-1ubuntu1) cosmic; urgency=medium + + * Merge from Debian unstable, remaining changes: + - Replace duplicate files in the doc directory with symlinks. + - debian/libssl1.1.postinst: + + Display a system restart required notification on libssl1.1 + upgrade on servers. + + Use a different priority for libssl1.1/restart-services depending + on whether a desktop, or server dist-upgrade is being performed. + - Revert "Enable system default config to enforce TLS1.2 as a + minimum" & "Increase default security level from 1 to 2". + - Further decrease security level from 1 to 0, for compatibility with + openssl 1.0.2. + + -- Dimitri John Ledkov Mon, 17 Sep 2018 13:24:38 +0100 + openssl (1.1.1-1) unstable; urgency=medium * New upstream version. @@ -2449,3 +2880,4 @@ * Initial Release. -- Christoph Martin Fri, 22 Nov 1996 21:29:51 +0100 + diff -Nru openssl-1.1.1l/debian/control openssl-1.1.1l/debian/control --- openssl-1.1.1l/debian/control 2021-08-24 10:31:34.000000000 +0200 +++ openssl-1.1.1l/debian/control 2021-09-04 09:59:44.000000000 +0200 @@ -2,7 +2,8 @@ Build-Depends: debhelper-compat (= 12), m4, bc, dpkg-dev (>= 1.15.7) Section: utils Priority: optional -Maintainer: Debian OpenSSL Team +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian OpenSSL Team Uploaders: Christoph Martin , Kurt Roeckx , Sebastian Andrzej Siewior Standards-Version: 4.5.0 Vcs-Browser: https://salsa.debian.org/debian/openssl @@ -45,6 +46,7 @@ Package: libcrypto1.1-udeb Package-Type: udeb +Build-Profiles: Section: debian-installer Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} 
@@ -58,6 +60,7 @@
 
 Package: libssl1.1-udeb
 Package-Type: udeb
+Build-Profiles:
 Section: debian-installer
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends}
diff -Nru openssl-1.1.1l/debian/libssl1.1.NEWS openssl-1.1.1l/debian/libssl1.1.NEWS
--- openssl-1.1.1l/debian/libssl1.1.NEWS 2021-08-21 15:08:47.000000000 +0200
+++ openssl-1.1.1l/debian/libssl1.1.NEWS 2021-09-04 09:59:44.000000000 +0200
@@ -1,30 +1,38 @@ -openssl (1.1.1-2) unstable; urgency=medium +openssl (1.1.1d-2ubuntu2) focal; urgency=medium - Following various security recommendations, the default minimum TLS version - has been changed from TLSv1 to TLSv1.2. Mozilla, Microsoft, Google and Apple - plan to do same around March 2020. - - The default security level for TLS connections has also be increased from - level 1 to level 2. This moves from the 80 bit security level to the 112 bit - security level and will require 2048 bit or larger RSA and DHE keys, 224 bit - or larger ECC keys, and SHA-2. - - The system wide settings can be changed in /etc/ssl/openssl.cnf. Applications - might also have a way to override the defaults. - - In the default /etc/ssl/openssl.cnf there is a MinProtocol and CipherString - line. The CipherString can also sets the security level. Information about the - security levels can be found in the SSL_CTX_set_security_level(3ssl) manpage. - The list of valid strings for the minimum protocol version can be found in - SSL_CONF_cmd(3ssl). Other information can be found in ciphers(1ssl) and - config(5ssl). + The default security level for TLS connections was increased from + level 1 to level 2. This moves from the 80 bit security level to the + 112 bit security level and will require 2048 bit or larger RSA and + DHE keys, 224 bit or larger ECC keys, SHA-2, TLSv1.2 or DTLSv1.2. + + The system wide settings can be changed in + /etc/ssl/openssl.cnf. Applications might also have a way to override + the defaults. + + In the default /etc/ssl/openssl.cnf one can add sections to specify + CipherString. The CipherString can be used to set the security + level. Information about the security levels can be found in the + SSL_CTX_set_security_level(3ssl) manpage. Other information can be + found in ciphers(1ssl) and config(5ssl). 
Changing back the defaults in /etc/ssl/openssl.cnf to previous system wide - defaults can be done using: - MinProtocol = None - CipherString = DEFAULT + defaults can be by adding at the top of the file: + + # System default + openssl_conf = default_conf + + and adding at the bottom of the file: + + [default_conf] + ssl_conf = ssl_sect + + [ssl_sect] + system_default = system_default_sect + + [system_default_sect] + CipherString = DEFAULT:@SECLEVEL=1 It's recommended that you contact the remote site in case the defaults cause problems. - -- Kurt Roeckx Sun, 28 Oct 2018 20:58:35 +0100 + -- Dimitri John Ledkov Wed, 08 Jan 2020 17:17:41 +0000 \ Pas de fin de ligne à la fin du fichier diff -Nru openssl-1.1.1l/debian/libssl1.1.postinst openssl-1.1.1l/debian/libssl1.1.postinst --- openssl-1.1.1l/debian/libssl1.1.postinst 2021-08-21 15:08:47.000000000 +0200 +++ openssl-1.1.1l/debian/libssl1.1.postinst 2021-09-04 09:59:44.000000000 +0200 @@ -56,8 +56,10 @@ if [ "$1" = "configure" ] then - if [ ! -z "$2" ]; then - if dpkg --compare-versions "$2" lt 1.0.1g-2; then + if [ ! -z "$2" ] && [ ! -x /usr/lib/needrestart/apt-pinvoke ] ; then + # This triggers services restarting, so limit this to major upgrades + # only. Security updates should not restart services automatically. + if dpkg --compare-versions "$2" lt 1.1.1-1ubuntu2.1~18.04.2; then echo -n "Checking for services that may need to be restarted..." check="amanda-server anon-proxy apache2 apache-ssl" check="$check apf-firewall asterisk bacula-director-common" @@ -102,7 +104,7 @@ ") echo "done." fi - if dpkg --compare-versions "$2" lt 1.0.1g-3; then + if dpkg --compare-versions "$2" lt 1.1.1-1ubuntu2.1~18.04.2; then echo -n "Checking for services that may need to be restarted..." check2="chef chef-expander chef-server-api" check2="$check2 chef-solr pound postgresql-common" 
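Review bot: The new outer guard `[ ! -x /usr/lib/needrestart/apt-pinvoke ]` in the `@@ -56,8 +56,10 @@` hunk of libssl1.1.postinst treats the mere presence of that executable as proof that needrestart will take care of restarts. If needrestart is installed but its apt hook is disabled or misconfigured, processes that loaded libssl1.1 keep running the old library with no restart prompt and, as far as the later hunk shows, no reboot-required notification either, since that notification appears to sit inside the same `if`. That matters most for the security uploads this package receives, so the assumption should be written down next to the test, for example `# needrestart present: its apt hook is assumed to restart services and report pending reboots, so nothing is done here`. The threshold `1.1.1-1ubuntu2.1~18.04.2` is repeated verbatim in the `@@ -102,7 +104,7 @@` hunk and would be easier to keep in sync as one shell variable. The enclosing `if [ "$1" = "configure" ]` block continues beyond both hunks.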
@@ -152,7 +154,11 @@ if [ "x$RET" != xtrue ]; then db_reset libssl1.1/restart-services db_set libssl1.1/restart-services "$services" - db_input critical libssl1.1/restart-services || true + if [ "$RELEASE_UPGRADE_MODE" = desktop ]; then + db_input medium libssl1.1/restart-services || true + else + db_input critical libssl1.1/restart-services || true + fi db_go || true db_get libssl1.1/restart-services @@ -200,7 +206,20 @@ # Shut down the frontend, to make sure none of the # restarted services keep a connection open to it db_stop + fi # end upgrading and $2 lt 0.9.8c-2 + + # Here we issue the reboot notification for upgrades and + # security updates. We do want services to be restarted when we + # update for a security issue, but planned by the sysadmin, not + # automatically. + + # Only issue the reboot notification for servers; we proxy this by + # testing that the X server is not running (LP: #244250) + if ! pidof /usr/lib/xorg/Xorg > /dev/null && [ -x /usr/share/update-notifier/notify-reboot-required ]; then + /usr/share/update-notifier/notify-reboot-required + fi + fi # Upgrading fi diff -Nru openssl-1.1.1l/debian/libssl1.1.templates openssl-1.1.1l/debian/libssl1.1.templates --- openssl-1.1.1l/debian/libssl1.1.templates 2021-08-21 15:08:47.000000000 +0200 +++ openssl-1.1.1l/debian/libssl1.1.templates 2021-09-04 09:59:44.000000000 +0200 
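Review bot: The reboot notification added in the `@@ -200,7 +206,20 @@` hunk uses `! pidof /usr/lib/xorg/Xorg` as a stand-in for "this is a server", so a server that happens to run Xorg gets no reboot-required flag after a libssl1.1 security update while its long-running daemons keep the old library mapped. Because the comment in the earlier hunk says security updates deliberately do not restart services, this flag is the only signal the administrator receives; unless desktop behaviour has to stay as it is, the test could be reduced to `if [ -x /usr/share/update-notifier/notify-reboot-required ]; then`, and otherwise the limitation should be documented beside the check. The added trailer comment `fi # end upgrading and $2 lt 0.9.8c-2` is stale, since the version tests in this script now compare against `1.1.1-1ubuntu2.1~18.04.2`. The enclosing `if [ "$1" = "configure" ]` block starts outside this hunk.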
@@ -28,3 +28,15 @@ You will need to start these manually by running '/etc/init.d/ start'. +Template: libraries/restart-without-asking +Type: boolean +Default: false +_Description: Restart services during package upgrades without asking? + There are services installed on your system which need to be restarted + when certain libraries, such as libpam, libc, and libssl, are upgraded. + Since these restarts may cause interruptions of service for the system, + you will normally be prompted on each upgrade for the list of services + you wish to restart. You can choose this option to avoid being prompted; + instead, all necessary restarts will be done for you automatically so you + can avoid being asked questions on each library upgrade. + diff -Nru openssl-1.1.1l/debian/patches/0001-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch openssl-1.1.1l/debian/patches/0001-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch --- openssl-1.1.1l/debian/patches/0001-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-1.1.1l/debian/patches/0001-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch 2021-02-23 22:43:42.000000000 +0100 
@@ -0,0 +1,702 @@ +From 23ee62158040fdbc98be6c79178dad3487c6cd5d Mon Sep 17 00:00:00 2001 +From: Patrick Steuer +Date: Wed, 8 Jan 2020 16:33:20 +0000 +Subject: [PATCH 01/25] s390x assembly pack: add OPENSSL_s390xcap environment + variable. + +The OPENSSL_s390xcap environment variable is used to set bits in the s390x +capability vector to zero. This simplifies testing of different code paths. + +Signed-off-by: Patrick Steuer + +Reviewed-by: Andy Polyakov +Reviewed-by: Rich Salz +Reviewed-by: Richard Levitte +(Merged from https://github.com/openssl/openssl/pull/6813) + +(cherry picked from commit f39ad8dcaa75293968d2633d043de3f5fce4f37b) + +Fixup header include +Signed-off-by: Dimitri John Ledkov +--- + crypto/s390x_arch.h | 23 +- + crypto/s390xcap.c | 515 +++++++++++++++++++++++++++++++++++++++++++ + crypto/s390xcpuid.pl | 31 ++- + 3 files changed, 556 insertions(+), 13 deletions(-) + +diff --git a/crypto/s390x_arch.h b/crypto/s390x_arch.h +index 4d2cc02eb3..0ed859bc8f 100644 +--- a/crypto/s390x_arch.h ++++ b/crypto/s390x_arch.h +@@ -49,6 +49,9 @@ struct OPENSSL_s390xcap_st { + + extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; + ++/* Max number of 64-bit words currently returned by STFLE */ ++# define S390X_STFLE_MAX 3 ++ + /* convert facility bit number or function code to bit mask */ + # define S390X_CAPBIT(i) (1ULL << (63 - (i) % 64)) + +@@ -68,9 +71,15 @@ extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; + # define S390X_KMA 0xb0 + + /* Facility Bit Numbers */ +-# define S390X_VX 129 +-# define S390X_VXD 134 +-# define S390X_VXE 135 ++# define S390X_MSA 17 /* message-security-assist */ ++# define S390X_STCKF 25 /* store-clock-fast */ ++# define S390X_MSA5 57 /* message-security-assist-ext. 5 */ ++# define S390X_MSA3 76 /* message-security-assist-ext. 3 */ ++# define S390X_MSA4 77 /* message-security-assist-ext. 
4 */ ++# define S390X_VX 129 /* vector */ ++# define S390X_VXD 134 /* vector packed decimal */ ++# define S390X_VXE 135 /* vector enhancements 1 */ ++# define S390X_MSA8 146 /* message-security-assist-ext. 8 */ + + /* Function Codes */ + +@@ -78,6 +87,9 @@ extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; + # define S390X_QUERY 0 + + /* kimd/klmd */ ++# define S390X_SHA_1 1 ++# define S390X_SHA_256 2 ++# define S390X_SHA_512 3 + # define S390X_SHA3_224 32 + # define S390X_SHA3_256 33 + # define S390X_SHA3_384 34 +@@ -91,7 +103,12 @@ extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; + # define S390X_AES_192 19 + # define S390X_AES_256 20 + ++/* km */ ++# define S390X_XTS_AES_128 50 ++# define S390X_XTS_AES_256 52 ++ + /* prno */ ++# define S390X_SHA_512_DRNG 3 + # define S390X_TRNG 114 + + /* Register 0 Flags */ +diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c +index 5d58b2d807..db1ee9d4cb 100644 +--- a/crypto/s390xcap.c ++++ b/crypto/s390xcap.c +@@ -13,15 +13,51 @@ + #include + #include + #include "internal/cryptlib.h" ++#include "crypto/ctype.h" + #include "s390x_arch.h" + ++#define LEN 128 ++#define STR_(S) #S ++#define STR(S) STR_(S) ++ ++#define TOK_FUNC(NAME) \ ++ (sscanf(tok_begin, \ ++ " " STR(NAME) " : %" STR(LEN) "[^:] : " \ ++ "%" STR(LEN) "s %" STR(LEN) "s ", \ ++ tok[0], tok[1], tok[2]) == 2) { \ ++ \ ++ off = (tok[0][0] == '~') ? 1 : 0; \ ++ if (sscanf(tok[0] + off, "%llx", &cap->NAME[0]) != 1) \ ++ goto ret; \ ++ if (off) \ ++ cap->NAME[0] = ~cap->NAME[0]; \ ++ \ ++ off = (tok[1][0] == '~') ? 
1 : 0; \ ++ if (sscanf(tok[1] + off, "%llx", &cap->NAME[1]) != 1) \ ++ goto ret; \ ++ if (off) \ ++ cap->NAME[1] = ~cap->NAME[1]; \ ++ } ++ ++#define TOK_CPU(NAME) \ ++ (sscanf(tok_begin, \ ++ " %" STR(LEN) "s %" STR(LEN) "s ", \ ++ tok[0], tok[1]) == 1 \ ++ && !strcmp(tok[0], #NAME)) { \ ++ memcpy(cap, &NAME, sizeof(*cap)); \ ++ } ++ + static sigjmp_buf ill_jmp; + static void ill_handler(int sig) + { + siglongjmp(ill_jmp, sig); + } + ++static const char *env; ++static int parse_env(struct OPENSSL_s390xcap_st *cap); ++ + void OPENSSL_s390x_facilities(void); ++void OPENSSL_s390x_functions(void); + void OPENSSL_vx_probe(void); + + struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; +@@ -30,6 +66,7 @@ void OPENSSL_cpuid_setup(void) + { + sigset_t oset; + struct sigaction ill_act, oact_ill, oact_fpe; ++ struct OPENSSL_s390xcap_st cap; + + if (OPENSSL_s390xcap_P.stfle[0]) + return; +@@ -37,6 +74,12 @@ void OPENSSL_cpuid_setup(void) + /* set a bit that will not be tested later */ + OPENSSL_s390xcap_P.stfle[0] |= S390X_CAPBIT(0); + ++ env = getenv("OPENSSL_s390xcap"); ++ if (env != NULL) { ++ if (!parse_env(&cap)) ++ env = NULL; ++ } ++ + memset(&ill_act, 0, sizeof(ill_act)); + ill_act.sa_handler = ill_handler; + sigfillset(&ill_act.sa_mask); +@@ -51,6 +94,12 @@ void OPENSSL_cpuid_setup(void) + if (sigsetjmp(ill_jmp, 1) == 0) + OPENSSL_s390x_facilities(); + ++ if (env != NULL) { ++ OPENSSL_s390xcap_P.stfle[0] &= cap.stfle[0]; ++ OPENSSL_s390xcap_P.stfle[1] &= cap.stfle[1]; ++ OPENSSL_s390xcap_P.stfle[2] &= cap.stfle[2]; ++ } ++ + /* protection against disabled vector facility */ + if ((OPENSSL_s390xcap_P.stfle[2] & S390X_CAPBIT(S390X_VX)) + && (sigsetjmp(ill_jmp, 1) == 0)) { +@@ -64,4 +113,470 @@ void OPENSSL_cpuid_setup(void) + sigaction(SIGFPE, &oact_fpe, NULL); + sigaction(SIGILL, &oact_ill, NULL); + sigprocmask(SIG_SETMASK, &oset, NULL); ++ ++ OPENSSL_s390x_functions(); ++ ++ if (env != NULL) { ++ OPENSSL_s390xcap_P.kimd[0] &= cap.kimd[0]; ++ OPENSSL_s390xcap_P.kimd[1] &= 
cap.kimd[1]; ++ OPENSSL_s390xcap_P.klmd[0] &= cap.klmd[0]; ++ OPENSSL_s390xcap_P.klmd[1] &= cap.klmd[1]; ++ OPENSSL_s390xcap_P.km[0] &= cap.km[0]; ++ OPENSSL_s390xcap_P.km[1] &= cap.km[1]; ++ OPENSSL_s390xcap_P.kmc[0] &= cap.kmc[0]; ++ OPENSSL_s390xcap_P.kmc[1] &= cap.kmc[1]; ++ OPENSSL_s390xcap_P.kmac[0] &= cap.kmac[0]; ++ OPENSSL_s390xcap_P.kmac[1] &= cap.kmac[1]; ++ OPENSSL_s390xcap_P.kmctr[0] &= cap.kmctr[0]; ++ OPENSSL_s390xcap_P.kmctr[1] &= cap.kmctr[1]; ++ OPENSSL_s390xcap_P.kmo[0] &= cap.kmo[0]; ++ OPENSSL_s390xcap_P.kmo[1] &= cap.kmo[1]; ++ OPENSSL_s390xcap_P.kmf[0] &= cap.kmf[0]; ++ OPENSSL_s390xcap_P.kmf[1] &= cap.kmf[1]; ++ OPENSSL_s390xcap_P.prno[0] &= cap.prno[0]; ++ OPENSSL_s390xcap_P.prno[1] &= cap.prno[1]; ++ OPENSSL_s390xcap_P.kma[0] &= cap.kma[0]; ++ OPENSSL_s390xcap_P.kma[1] &= cap.kma[1]; ++ } ++} ++ ++static int parse_env(struct OPENSSL_s390xcap_st *cap) ++{ ++ /*- ++ * CPU model data ++ * (only the STFLE- and QUERY-bits relevant to libcrypto are set) ++ */ ++ ++ /*- ++ * z900 (2000) - z/Architecture POP SA22-7832-00 ++ * Facility detection would fail on real hw (no STFLE). ++ */ ++ static const struct OPENSSL_s390xcap_st z900 = { ++ .stfle = {0ULL, 0ULL, 0ULL, 0ULL}, ++ .kimd = {0ULL, 0ULL}, ++ .klmd = {0ULL, 0ULL}, ++ .km = {0ULL, 0ULL}, ++ .kmc = {0ULL, 0ULL}, ++ .kmac = {0ULL, 0ULL}, ++ .kmctr = {0ULL, 0ULL}, ++ .kmo = {0ULL, 0ULL}, ++ .kmf = {0ULL, 0ULL}, ++ .prno = {0ULL, 0ULL}, ++ .kma = {0ULL, 0ULL}, ++ }; ++ ++ /*- ++ * z990 (2003) - z/Architecture POP SA22-7832-02 ++ * Implements MSA. Facility detection would fail on real hw (no STFLE). 
++ */ ++ static const struct OPENSSL_s390xcap_st z990 = { ++ .stfle = {S390X_CAPBIT(S390X_MSA), ++ 0ULL, 0ULL, 0ULL}, ++ .kimd = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1), ++ 0ULL}, ++ .klmd = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1), ++ 0ULL}, ++ .km = {S390X_CAPBIT(S390X_QUERY), ++ 0ULL}, ++ .kmc = {S390X_CAPBIT(S390X_QUERY), ++ 0ULL}, ++ .kmac = {S390X_CAPBIT(S390X_QUERY), ++ 0ULL}, ++ .kmctr = {0ULL, 0ULL}, ++ .kmo = {0ULL, 0ULL}, ++ .kmf = {0ULL, 0ULL}, ++ .prno = {0ULL, 0ULL}, ++ .kma = {0ULL, 0ULL}, ++ }; ++ ++ /*- ++ * z9 (2005) - z/Architecture POP SA22-7832-04 ++ * Implements MSA and MSA1. ++ */ ++ static const struct OPENSSL_s390xcap_st z9 = { ++ .stfle = {S390X_CAPBIT(S390X_MSA) ++ | S390X_CAPBIT(S390X_STCKF), ++ 0ULL, 0ULL, 0ULL}, ++ .kimd = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1) ++ | S390X_CAPBIT(S390X_SHA_256), ++ 0ULL}, ++ .klmd = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1) ++ | S390X_CAPBIT(S390X_SHA_256), ++ 0ULL}, ++ .km = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128), ++ 0ULL}, ++ .kmc = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128), ++ 0ULL}, ++ .kmac = {S390X_CAPBIT(S390X_QUERY), ++ 0ULL}, ++ .kmctr = {0ULL, 0ULL}, ++ .kmo = {0ULL, 0ULL}, ++ .kmf = {0ULL, 0ULL}, ++ .prno = {0ULL, 0ULL}, ++ .kma = {0ULL, 0ULL}, ++ }; ++ ++ /*- ++ * z10 (2008) - z/Architecture POP SA22-7832-06 ++ * Implements MSA and MSA1-2. 
++ */ ++ static const struct OPENSSL_s390xcap_st z10 = { ++ .stfle = {S390X_CAPBIT(S390X_MSA) ++ | S390X_CAPBIT(S390X_STCKF), ++ 0ULL, 0ULL, 0ULL}, ++ .kimd = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1) ++ | S390X_CAPBIT(S390X_SHA_256) ++ | S390X_CAPBIT(S390X_SHA_512), ++ 0ULL}, ++ .klmd = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1) ++ | S390X_CAPBIT(S390X_SHA_256) ++ | S390X_CAPBIT(S390X_SHA_512), ++ 0ULL}, ++ .km = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ .kmc = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ .kmac = {S390X_CAPBIT(S390X_QUERY), ++ 0ULL}, ++ .kmctr = {0ULL, 0ULL}, ++ .kmo = {0ULL, 0ULL}, ++ .kmf = {0ULL, 0ULL}, ++ .prno = {0ULL, 0ULL}, ++ .kma = {0ULL, 0ULL}, ++ }; ++ ++ /*- ++ * z196 (2010) - z/Architecture POP SA22-7832-08 ++ * Implements MSA and MSA1-4. 
++ */ ++ static const struct OPENSSL_s390xcap_st z196 = { ++ .stfle = {S390X_CAPBIT(S390X_MSA) ++ | S390X_CAPBIT(S390X_STCKF), ++ S390X_CAPBIT(S390X_MSA3) ++ | S390X_CAPBIT(S390X_MSA4), ++ 0ULL, 0ULL}, ++ .kimd = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1) ++ | S390X_CAPBIT(S390X_SHA_256) ++ | S390X_CAPBIT(S390X_SHA_512), ++ S390X_CAPBIT(S390X_GHASH)}, ++ .klmd = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1) ++ | S390X_CAPBIT(S390X_SHA_256) ++ | S390X_CAPBIT(S390X_SHA_512), ++ 0ULL}, ++ .km = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256) ++ | S390X_CAPBIT(S390X_XTS_AES_128) ++ | S390X_CAPBIT(S390X_XTS_AES_256), ++ 0ULL}, ++ .kmc = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ .kmac = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ .kmctr = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ .kmo = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ .kmf = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ .prno = {0ULL, 0ULL}, ++ .kma = {0ULL, 0ULL}, ++ }; ++ ++ /*- ++ * zEC12 (2012) - z/Architecture POP SA22-7832-09 ++ * Implements MSA and MSA1-4. 
++ */ ++ static const struct OPENSSL_s390xcap_st zEC12 = { ++ .stfle = {S390X_CAPBIT(S390X_MSA) ++ | S390X_CAPBIT(S390X_STCKF), ++ S390X_CAPBIT(S390X_MSA3) ++ | S390X_CAPBIT(S390X_MSA4), ++ 0ULL, 0ULL}, ++ .kimd = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1) ++ | S390X_CAPBIT(S390X_SHA_256) ++ | S390X_CAPBIT(S390X_SHA_512), ++ S390X_CAPBIT(S390X_GHASH)}, ++ .klmd = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1) ++ | S390X_CAPBIT(S390X_SHA_256) ++ | S390X_CAPBIT(S390X_SHA_512), ++ 0ULL}, ++ .km = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256) ++ | S390X_CAPBIT(S390X_XTS_AES_128) ++ | S390X_CAPBIT(S390X_XTS_AES_256), ++ 0ULL}, ++ .kmc = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ .kmac = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ .kmctr = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ .kmo = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ .kmf = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ .prno = {0ULL, 0ULL}, ++ .kma = {0ULL, 0ULL}, ++ }; ++ ++ /*- ++ * z13 (2015) - z/Architecture POP SA22-7832-10 ++ * Implements MSA and MSA1-5. 
++ */ ++ static const struct OPENSSL_s390xcap_st z13 = { ++ .stfle = {S390X_CAPBIT(S390X_MSA) ++ | S390X_CAPBIT(S390X_STCKF) ++ | S390X_CAPBIT(S390X_MSA5), ++ S390X_CAPBIT(S390X_MSA3) ++ | S390X_CAPBIT(S390X_MSA4), ++ S390X_CAPBIT(S390X_VX), ++ 0ULL}, ++ .kimd = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1) ++ | S390X_CAPBIT(S390X_SHA_256) ++ | S390X_CAPBIT(S390X_SHA_512), ++ S390X_CAPBIT(S390X_GHASH)}, ++ .klmd = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1) ++ | S390X_CAPBIT(S390X_SHA_256) ++ | S390X_CAPBIT(S390X_SHA_512), ++ 0ULL}, ++ .km = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256) ++ | S390X_CAPBIT(S390X_XTS_AES_128) ++ | S390X_CAPBIT(S390X_XTS_AES_256), ++ 0ULL}, ++ .kmc = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ .kmac = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ .kmctr = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ .kmo = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ .kmf = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ .prno = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_512_DRNG), ++ 0ULL}, ++ .kma = {0ULL, 0ULL}, ++ }; ++ ++ /*- ++ * z14 (2017) - z/Architecture POP SA22-7832-11 ++ * Implements MSA and MSA1-8. 
++ */ ++ static const struct OPENSSL_s390xcap_st z14 = { ++ .stfle = {S390X_CAPBIT(S390X_MSA) ++ | S390X_CAPBIT(S390X_STCKF) ++ | S390X_CAPBIT(S390X_MSA5), ++ S390X_CAPBIT(S390X_MSA3) ++ | S390X_CAPBIT(S390X_MSA4), ++ S390X_CAPBIT(S390X_VX) ++ | S390X_CAPBIT(S390X_VXD) ++ | S390X_CAPBIT(S390X_VXE) ++ | S390X_CAPBIT(S390X_MSA8), ++ 0ULL}, ++ .kimd = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1) ++ | S390X_CAPBIT(S390X_SHA_256) ++ | S390X_CAPBIT(S390X_SHA_512) ++ | S390X_CAPBIT(S390X_SHA3_224) ++ | S390X_CAPBIT(S390X_SHA3_256) ++ | S390X_CAPBIT(S390X_SHA3_384) ++ | S390X_CAPBIT(S390X_SHA3_512) ++ | S390X_CAPBIT(S390X_SHAKE_128) ++ | S390X_CAPBIT(S390X_SHAKE_256), ++ S390X_CAPBIT(S390X_GHASH)}, ++ .klmd = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1) ++ | S390X_CAPBIT(S390X_SHA_256) ++ | S390X_CAPBIT(S390X_SHA_512) ++ | S390X_CAPBIT(S390X_SHA3_224) ++ | S390X_CAPBIT(S390X_SHA3_256) ++ | S390X_CAPBIT(S390X_SHA3_384) ++ | S390X_CAPBIT(S390X_SHA3_512) ++ | S390X_CAPBIT(S390X_SHAKE_128) ++ | S390X_CAPBIT(S390X_SHAKE_256), ++ 0ULL}, ++ .km = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256) ++ | S390X_CAPBIT(S390X_XTS_AES_128) ++ | S390X_CAPBIT(S390X_XTS_AES_256), ++ 0ULL}, ++ .kmc = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ .kmac = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ .kmctr = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ .kmo = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ .kmf = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | 
S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ .prno = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_512_DRNG), ++ S390X_CAPBIT(S390X_TRNG)}, ++ .kma = {S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ }; ++ ++ char *tok_begin, *tok_end, *buff, tok[S390X_STFLE_MAX][LEN + 1]; ++ int rc, off, i, n; ++ ++ buff = malloc(strlen(env) + 1); ++ if (buff == NULL) ++ return 0; ++ ++ rc = 0; ++ memset(cap, ~0, sizeof(*cap)); ++ strcpy(buff, env); ++ ++ tok_begin = buff + strspn(buff, ";"); ++ strtok(tok_begin, ";"); ++ tok_end = strtok(NULL, ";"); ++ ++ while (tok_begin != NULL) { ++ /* stfle token */ ++ if ((n = sscanf(tok_begin, ++ " stfle : %" STR(LEN) "[^:] : " ++ "%" STR(LEN) "[^:] : %" STR(LEN) "s ", ++ tok[0], tok[1], tok[2]))) { ++ for (i = 0; i < n; i++) { ++ off = (tok[i][0] == '~') ? 1 : 0; ++ if (sscanf(tok[i] + off, "%llx", &cap->stfle[i]) != 1) ++ goto ret; ++ if (off) ++ cap->stfle[i] = ~cap->stfle[i]; ++ } ++ } ++ ++ /* query function tokens */ ++ else if TOK_FUNC(kimd) ++ else if TOK_FUNC(klmd) ++ else if TOK_FUNC(km) ++ else if TOK_FUNC(kmc) ++ else if TOK_FUNC(kmac) ++ else if TOK_FUNC(kmctr) ++ else if TOK_FUNC(kmo) ++ else if TOK_FUNC(kmf) ++ else if TOK_FUNC(prno) ++ else if TOK_FUNC(kma) ++ ++ /* CPU model tokens */ ++ else if TOK_CPU(z900) ++ else if TOK_CPU(z990) ++ else if TOK_CPU(z9) ++ else if TOK_CPU(z10) ++ else if TOK_CPU(z196) ++ else if TOK_CPU(zEC12) ++ else if TOK_CPU(z13) ++ else if TOK_CPU(z14) ++ ++ /* whitespace(ignored) or invalid tokens */ ++ else { ++ while (*tok_begin != '\0') { ++ if (!ossl_isspace(*tok_begin)) ++ goto ret; ++ tok_begin++; ++ } ++ } ++ ++ tok_begin = tok_end; ++ tok_end = strtok(NULL, ";"); ++ } ++ ++ rc = 1; ++ret: ++ free(buff); ++ return rc; + } +diff --git a/crypto/s390xcpuid.pl b/crypto/s390xcpuid.pl +index 5cbb962530..36023016fd 100755 +--- a/crypto/s390xcpuid.pl ++++ b/crypto/s390xcpuid.pl +@@ -38,7 +38,26 @@ 
OPENSSL_s390x_facilities: + stg %r0,S390X_STFLE+8(%r4) # wipe capability vectors + stg %r0,S390X_STFLE+16(%r4) + stg %r0,S390X_STFLE+24(%r4) +- stg %r0,S390X_KIMD(%r4) ++ ++ .long 0xb2b04000 # stfle 0(%r4) ++ brc 8,.Ldone ++ lghi %r0,1 ++ .long 0xb2b04000 # stfle 0(%r4) ++ brc 8,.Ldone ++ lghi %r0,2 ++ .long 0xb2b04000 # stfle 0(%r4) ++.Ldone: ++ br $ra ++.size OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities ++ ++.globl OPENSSL_s390x_functions ++.type OPENSSL_s390x_functions,\@function ++.align 16 ++OPENSSL_s390x_functions: ++ lghi %r0,0 ++ larl %r4,OPENSSL_s390xcap_P ++ ++ stg %r0,S390X_KIMD(%r4) # wipe capability vectors + stg %r0,S390X_KIMD+8(%r4) + stg %r0,S390X_KLMD(%r4) + stg %r0,S390X_KLMD+8(%r4) +@@ -59,14 +78,6 @@ OPENSSL_s390x_facilities: + stg %r0,S390X_KMA(%r4) + stg %r0,S390X_KMA+8(%r4) + +- .long 0xb2b04000 # stfle 0(%r4) +- brc 8,.Ldone +- lghi %r0,1 +- .long 0xb2b04000 # stfle 0(%r4) +- brc 8,.Ldone +- lghi %r0,2 +- .long 0xb2b04000 # stfle 0(%r4) +-.Ldone: + lmg %r2,%r3,S390X_STFLE(%r4) + tmhl %r2,0x4000 # check for message-security-assist + jz .Lret +@@ -123,7 +134,7 @@ OPENSSL_s390x_facilities: + + .Lret: + br $ra +-.size OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities ++.size OPENSSL_s390x_functions,.-OPENSSL_s390x_functions + + .globl OPENSSL_rdtsc + .type OPENSSL_rdtsc,\@function +-- +2.25.1 + diff -Nru openssl-1.1.1l/debian/patches/0002-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch openssl-1.1.1l/debian/patches/0002-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch --- openssl-1.1.1l/debian/patches/0002-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-1.1.1l/debian/patches/0002-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch 2021-02-23 22:43:42.000000000 +0100 
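Review bot: `OPENSSL_cpuid_setup()` reads `OPENSSL_s390xcap` with plain `getenv()`, so the mask is honoured in every process that loads libcrypto, including set-uid and set-gid programs whose environment the invoking user controls. The mask is only ANDed into the detected vector, so it can switch hardware paths off (the `prno` TRNG bit, the AES function codes) but cannot claim features the CPU lacks; even so, a privileged binary probably should not let its caller pick the code path. If that matters for this package, `env = ossl_safe_getenv("OPENSSL_s390xcap");` is a one-line change, assuming that helper is present in this branch (`internal/cryptlib.h` is already included). Separately, in `parse_env()` the stfle test `if ((n = sscanf(...)))` is also true when sscanf returns EOF for an empty or blank token; writing it as `> 0` would make the intent explicit without changing the outcome. Only part of `OPENSSL_cpuid_setup()` is visible in the embedded patch.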
@@ -0,0 +1,213 @@ +From effd39f273eda67986f60f4292e829790c68d97e Mon Sep 17 00:00:00 2001 +From: Patrick Steuer +Date: Tue, 31 Jan 2017 12:43:35 +0100 +Subject: [PATCH 02/25] s390x assembly pack: add OPENSSL_s390xcap man page. + +Signed-off-by: Patrick Steuer + +Reviewed-by: Andy Polyakov +Reviewed-by: Rich Salz +Reviewed-by: Richard Levitte +(Merged from https://github.com/openssl/openssl/pull/6813) + +(cherry picked from commit d68af00685c4a76e9545882e350717ae5e4071df) +--- + doc/man3/OPENSSL_s390xcap.pod | 173 ++++++++++++++++++++++++++++++++++ + util/private.num | 1 + + 2 files changed, 174 insertions(+) + create mode 100644 doc/man3/OPENSSL_s390xcap.pod + +diff --git a/doc/man3/OPENSSL_s390xcap.pod b/doc/man3/OPENSSL_s390xcap.pod +new file mode 100644 +index 0000000000..550136a82b +--- /dev/null ++++ b/doc/man3/OPENSSL_s390xcap.pod +@@ -0,0 +1,173 @@ ++=pod ++ ++=head1 NAME ++ ++OPENSSL_s390xcap - the IBM z processor capabilities vector ++ ++=head1 SYNOPSIS ++ ++ env OPENSSL_s390xcap=... ++ ++=head1 DESCRIPTION ++ ++libcrypto supports z/Architecture instruction set extensions. These ++extensions are denoted by individual bits in the capabilities vector. ++When libcrypto is initialized, the bits returned by the STFLE instruction ++and by the QUERY functions are stored in the vector. ++ ++To change the set of instructions available to an application, you can ++set the OPENSSL_s390xcap environment variable before you start the ++application. After initialization, the capability vector is ANDed bitwise ++with a mask which is derived from the environment variable. ++ ++The environment variable is a semicolon-separated list of tokens which is ++processed from left to right (whitespace is ignored): ++ ++ OPENSSL_s390xcap=";;..." ++ ++There are three types of tokens: ++ ++=over 4 ++ ++=item ++ ++The name of a processor generation. 
A bit in the environment variable's ++mask is set to one if and only if the specified processor generation ++implements the corresponding instruction set extension. Possible values ++are z900, z990, z9, z10, z196, zEC12, z13 and z14. ++ ++=item :: ++ ++The name of an instruction followed by two 64-bit masks. The part of the ++environment variable's mask corresponding to the specified instruction is ++set to the specified 128-bit mask. Possible values are kimd, klmd, km, kmc, ++kmac, kmctr, kmo, kmf, prno and kma. ++ ++=item stfle::: ++ ++Store-facility-list-extended (stfle) followed by three 64-bit masks. The ++part of the environment variable's mask corresponding to the stfle ++instruction is set to the specified 192-bit mask. ++ ++=back ++ ++The 64-bit masks are specified in hexadecimal notation. The 0x prefix is ++optional. Prefix a mask with a tilde (~) to denote a bitwise NOT operation. ++ ++The following is a list of significant bits for each instruction. Colon ++rows separate the individual 64-bit masks. The bit numbers in the first ++column are consistent with [1], that is, 0 denotes the leftmost bit and ++the numbering is continuous across 64-bit mask boundaries. 
++ ++ Bit Mask Facility/Function ++ ++ stfle: ++ # 17 1<<46 message-security assist ++ # 25 1<<38 store-clock-fast facility ++ : ++ # 76 1<<51 message-security assist extension 3 ++ # 77 1<<50 message-security assist extension 4 ++ : ++ #129 1<<62 vector facility ++ #134 1<<57 vector packed decimal facility ++ #135 1<<56 vector enhancements facility 1 ++ #146 1<<45 message-security assist extension 8 ++ ++ kimd : ++ # 1 1<<62 KIMD-SHA-1 ++ # 2 1<<61 KIMD-SHA-256 ++ # 3 1<<60 KIMD-SHA-512 ++ # 32 1<<31 KIMD-SHA3-224 ++ # 33 1<<30 KIMD-SHA3-256 ++ # 34 1<<29 KIMD-SHA3-384 ++ # 35 1<<28 KIMD-SHA3-512 ++ # 36 1<<27 KIMD-SHAKE-128 ++ # 37 1<<26 KIMD-SHAKE-256 ++ : ++ # 65 1<<62 KIMD-GHASH ++ ++ klmd : ++ # 32 1<<31 KLMD-SHA3-224 ++ # 33 1<<30 KLMD-SHA3-256 ++ # 34 1<<29 KLMD-SHA3-384 ++ # 35 1<<28 KLMD-SHA3-512 ++ # 36 1<<27 KLMD-SHAKE-128 ++ # 37 1<<26 KLMD-SHAKE-256 ++ : ++ ++ km : ++ # 18 1<<45 KM-AES-128 ++ # 19 1<<44 KM-AES-192 ++ # 20 1<<43 KM-AES-256 ++ # 50 1<<13 KM-XTS-AES-128 ++ # 52 1<<11 KM-XTS-AES-256 ++ : ++ ++ kmc : ++ # 18 1<<45 KMC-AES-128 ++ # 19 1<<44 KMC-AES-192 ++ # 20 1<<43 KMC-AES-256 ++ : ++ ++ kmac : ++ # 18 1<<45 KMAC-AES-128 ++ # 19 1<<44 KMAC-AES-192 ++ # 20 1<<43 KMAC-AES-256 ++ : ++ ++ kmctr: ++ : ++ ++ kmo : ++ # 18 1<<45 KMO-AES-128 ++ # 19 1<<44 KMO-AES-192 ++ # 20 1<<43 KMO-AES-256 ++ : ++ ++ kmf : ++ # 18 1<<45 KMF-AES-128 ++ # 19 1<<44 KMF-AES-192 ++ # 20 1<<43 KMF-AES-256 ++ : ++ ++ prno : ++ : ++ ++ kma : ++ # 18 1<<45 KMA-GCM-AES-128 ++ # 19 1<<44 KMA-GCM-AES-192 ++ # 20 1<<43 KMA-GCM-AES-256 ++ : ++ ++=head1 EXAMPLES ++ ++Disables all instruction set extensions which the z196 processor does not implement: ++ ++ OPENSSL_s390xcap="z196" ++ ++Disables the vector facility: ++ ++ OPENSSL_s390xcap="stfle:~0:~0:~0x4000000000000000" ++ ++Disables the KM-XTS-AES and and the KIMD-SHAKE function codes: ++ ++ OPENSSL_s390xcap="km:~0x2800:~0;kimd:~0xc000000:~0" ++ ++=head1 RETURN VALUES ++ ++Not available. 
++ ++=head1 SEE ALSO ++ ++[1] z/Architecture Principles of Operation, SA22-7832-11 ++ ++=head1 COPYRIGHT ++ ++Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. ++ ++Licensed under the OpenSSL license (the "License"). You may not use ++this file except in compliance with the License. You can obtain a copy ++in the file LICENSE in the source distribution or at ++L. ++ ++=cut +diff --git a/util/private.num b/util/private.num +index bc7d967b5d..180c2ab4c1 100644 +--- a/util/private.num ++++ b/util/private.num +@@ -3,6 +3,7 @@ + # assembly language, etc. + # + OPENSSL_ia32cap environment ++OPENSSL_s390xcap environment + OPENSSL_MALLOC_FD environment + OPENSSL_MALLOC_FAILURES environment + OPENSSL_instrument_bus assembler +-- +2.25.1 + diff -Nru openssl-1.1.1l/debian/patches/0003-s390x-assembly-pack-perlasm-support.patch openssl-1.1.1l/debian/patches/0003-s390x-assembly-pack-perlasm-support.patch --- openssl-1.1.1l/debian/patches/0003-s390x-assembly-pack-perlasm-support.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-1.1.1l/debian/patches/0003-s390x-assembly-pack-perlasm-support.patch 2021-02-23 22:43:42.000000000 +0100 
@@ -0,0 +1,3091 @@ +From d2e960585563a4533cd5c481ad6fd8fbd90b1f53 Mon Sep 17 00:00:00 2001 +From: Patrick Steuer +Date: Wed, 7 Dec 2016 12:58:34 +0100 +Subject: [PATCH 03/25] s390x assembly pack: perlasm support. + +Added crypto/perlasm/s390x.pm Perl module. Its primary use is to be +independent of binutils version, that is to write byte codes of +instructions that are not part of the base instruction set. +Currently only gas format is supported. + +Signed-off-by: Patrick Steuer + +Reviewed-by: Tim Hudson +Reviewed-by: Richard Levitte +(Merged from https://github.com/openssl/openssl/pull/6919) + +(cherry picked from commit c66bb88cb08adbc848271dd388aa9695c7e200be) +--- + crypto/perlasm/s390x.pm | 3060 +++++++++++++++++++++++++++++++++++++++ + 1 file changed, 3060 insertions(+) + create mode 100644 crypto/perlasm/s390x.pm + +diff --git a/crypto/perlasm/s390x.pm b/crypto/perlasm/s390x.pm +new file mode 100644 +index 0000000000..5f3a49dd0c +--- /dev/null ++++ b/crypto/perlasm/s390x.pm +@@ -0,0 +1,3060 @@ ++#!/usr/bin/env perl ++# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. ++# ++# Licensed under the OpenSSL license (the "License"). You may not use ++# this file except in compliance with the License. You can obtain a copy ++# in the file LICENSE in the source distribution or at ++# https://www.openssl.org/source/license.html ++ ++# Copyright IBM Corp. 
2018 ++# Author: Patrick Steuer ++ ++package perlasm::s390x; ++ ++use strict; ++use warnings; ++use Carp qw(confess); ++use Exporter qw(import); ++ ++our @EXPORT=qw(PERLASM_BEGIN PERLASM_END); ++our @EXPORT_OK=qw(AUTOLOAD LABEL INCLUDE stfle); ++our %EXPORT_TAGS=( ++ MSA => [qw(kmac km kmc kimd klmd)], ++ MSA4 => [qw(kmf kmo pcc kmctr)], ++ MSA5 => [qw(ppno prno)], ++ MSA8 => [qw(kma)], ++ VX => [qw(vgef vgeg vgbm vzero vone vgm vgmb vgmh vgmf vgmg ++ vl vlr vlrep vlrepb vlreph vlrepf vlrepg vleb vleh vlef vleg vleib ++ vleih vleif vleig vlgv vlgvb vlgvh vlgvf vlgvg vllez vllezb vllezh ++ vllezf vllezg vlm vlbb vlvg vlvgb vlvgh vlvgf vlvgg vlvgp ++ vll vmrh vmrhb vmrhh vmrhf vmrhg vmrl vmrlb vmrlh vmrlf vmrlg vpk ++ vpkh vpkf vpkg vpks vpksh vpksf vpksg vpkshs vpksfs vpksgs vpkls ++ vpklsh vpklsf vpklsg vpklshs vpklsfs vpklsgs vperm vpdi vrep vrepb ++ vreph vrepf vrepg vrepi vrepib vrepih vrepif vrepig vscef vsceg ++ vsel vseg vsegb vsegh vsegf vst vsteb vsteh vstef vsteg vstm vstl ++ vuph vuphb vuphh vuphf vuplh vuplhb vuplhh vuplhf vupl vuplb vuplhw ++ vuplf vupll vupllb vupllh vupllf va vab vah vaf vag vaq vacc vaccb ++ vacch vaccf vaccg vaccq vac vacq vaccc vacccq vn vnc vavg vavgb ++ vavgh vavgf vavgg vavgl vavglb vavglh vavglf vavglg vcksm vec_ vecb ++ vech vecf vecg vecl veclb veclh veclf veclg vceq vceqb vceqh vceqf ++ vceqg vceqbs vceqhs vceqfs vceqgs vch vchb vchh vchf vchg vchbs ++ vchhs vchfs vchgs vchl vchlb vchlh vchlf vchlg vchlbs vchlhs vchlfs ++ vchlgs vclz vclzb vclzh vclzf vclzg vctz vctzb vctzh vctzf vctzg ++ vx vgfm vgfmb vgfmh vgfmf vgfmg vgfma vgfmab vgfmah vgfmaf vgfmag ++ vlc vlcb vlch vlcf vlcg vlp vlpb vlph vlpf vlpg vmx vmxb vmxh vmxf ++ vmxg vmxl vmxlb vmxlh vmxlf vmxlg vmn vmnb vmnh vmnf vmng vmnl ++ vmnlb vmnlh vmnlf vmnlg vmal vmalb vmalhw vmalf vmah vmahb vmahh ++ vmahf vmalh vmalhb vmalhh vmalhf vmae vmaeb vmaeh vmaef vmale ++ vmaleb vmaleh vmalef vmao vmaob vmaoh vmaof vmalo vmalob vmaloh ++ vmalof vmh vmhb vmhh vmhf vmlh vmlhb 
vmlhh vmlhf vml vmlb vmlhw ++ vmlf vme vmeb vmeh vmef vmle vmleb vmleh vmlef vmo vmob vmoh vmof ++ vmlo vmlob vmloh vmlof vno vnot vo vpopct verllv verllvb verllvh ++ verllvf verllvg verll verllb verllh verllf verllg verim verimb ++ verimh verimf verimg veslv veslvb veslvh veslvf veslvg vesl veslb ++ veslh veslf veslg vesrav vesravb vesravh vesravf vesravg vesra ++ vesrab vesrah vesraf vesrag vesrlv vesrlvb vesrlvh vesrlvf vesrlvg ++ vesrl vesrlb vesrlh vesrlf vesrlg vsl vslb vsldb vsra vsrab vsrl ++ vsrlb vs vsb vsh vsf vsg vsq vscbi vscbib vscbih vscbif vscbig ++ vscbiq vsbi vsbiq vsbcbi vsbcbiq vsumg vsumgh vsumgf vsumq vsumqf ++ vsumqg vsum vsumb vsumh vtm vfae vfaeb vfaeh vfaef vfaebs vfaehs ++ vfaefs vfaezb vfaezh vfaezf vfaezbs vfaezhs vfaezfs vfee vfeeb ++ vfeeh vfeef vfeebs vfeehs vfeefs vfeezb vfeezh vfeezf vfeezbs ++ vfeezhs vfeezfs vfene vfeneb vfeneh vfenef vfenebs vfenehs vfenefs ++ vfenezb vfenezh vfenezf vfenezbs vfenezhs vfenezfs vistr vistrb ++ vistrh vistrf vistrbs vistrhs vistrfs vstrc vstrcb vstrch vstrcf ++ vstrcbs vstrchs vstrcfs vstrczb vstrczh vstrczf vstrczbs vstrczhs ++ vstrczfs vfa vfadb wfadb wfc wfcdb wfk wfkdb vfce vfcedb wfcedb ++ vfcedbs wfcedbs vfch vfchdb wfchdb vfchdbs wfchdbs vfche vfchedb ++ wfchedb vfchedbs wfchedbs vcdg vcdgb wcdgb vcdlg vcdlgb wcdlgb vcgd ++ vcgdb wcgdb vclgd vclgdb wclgdb vfd vfddb wfddb vfi vfidb wfidb ++ vlde vldeb wldeb vled vledb wledb vfm vfmdb wfmdb vfma vfmadb ++ wfmadb vfms vfmsdb wfmsdb vfpso vfpsodb wfpsodb vflcdb wflcdb ++ vflndb wflndb vflpdb wflpdb vfsq vfsqdb wfsqdb vfs vfsdb wfsdb ++ vftci vftcidb wftcidb)], ++ VXE => [qw(vbperm vllezlf vmsl vmslg vnx vnn voc vpopctb vpopcth ++ vpopctf vpopctg vfasb wfasb wfaxb wfcsb wfcxb wfksb wfkxb vfcesb ++ vfcesbs wfcesb wfcesbs wfcexb wfcexbs vfchsb vfchsbs wfchsb wfchsbs ++ wfchxb wfchxbs vfchesb vfchesbs wfchesb wfchesbs wfchexb wfchexbs ++ vfdsb wfdsb wfdxb vfisb wfisb wfixb vfll vflls wflls wflld vflr ++ vflrd wflrd wflrx vfmax vfmaxsb vfmaxdb 
wfmaxsb wfmaxdb wfmaxxb ++ vfmin vfminsb vfmindb wfminsb wfmindb wfminxb vfmsb wfmsb wfmxb ++ vfnma vfnms vfmasb wfmasb wfmaxb vfmssb wfmssb wfmsxb vfnmasb ++ vfnmadb wfnmasb wfnmadb wfnmaxb vfnmssb vfnmsdb wfnmssb wfnmsdb ++ wfnmsxb vfpsosb wfpsosb vflcsb wflcsb vflnsb wflnsb vflpsb wflpsb ++ vfpsoxb wfpsoxb vflcxb wflcxb vflnxb wflnxb vflpxb wflpxb vfsqsb ++ wfsqsb wfsqxb vfssb wfssb wfsxb vftcisb wftcisb wftcixb)], ++ VXD => [qw(vlrlr vlrl vstrlr vstrl vap vcp vcvb vcvbg vcvd vcvdg vdp ++ vlip vmp vmsp vpkz vpsop vrp vsdp vsrp vsp vtp vupkz)], ++); ++Exporter::export_ok_tags(qw(MSA MSA4 MSA5 MSA8 VX VXE VXD)); ++ ++our $AUTOLOAD; ++ ++my $GR='(?:%r)?([0-9]|1[0-5])'; ++my $VR='(?:%v)?([0-9]|1[0-9]|2[0-9]|3[0-1])'; ++ ++my ($file,$out); ++ ++sub PERLASM_BEGIN ++{ ++ ($file,$out)=(shift,""); ++} ++sub PERLASM_END ++{ ++ if (defined($file)) { ++ open(my $fd,'>',$file)||die("can't open $file: $!"); ++ print({$fd}$out); ++ close($fd); ++ } else { ++ print($out); ++ } ++} ++ ++sub AUTOLOAD { ++ confess(err("PARSE")) if (grep(!defined($_),@_)); ++ my $token; ++ for ($AUTOLOAD) { ++ $token=".$1" if (/^.*::([A-Z_]+)$/); # uppercase: directive ++ $token="\t$1" if (/^.*::([a-z]+)$/); # lowercase: mnemonic ++ confess(err("PARSE")) if (!defined($token)); ++ } ++ $token.="\t" if ($#_>=0); ++ $out.=$token.join(',',@_)."\n"; ++} ++ ++sub LABEL { # label directive ++ confess(err("ARGNUM")) if ($#_!=0); ++ my ($label)=@_; ++ $out.="$label:\n"; ++} ++ ++sub INCLUDE { ++ confess(err("ARGNUM")) if ($#_!=0); ++ my ($file)=@_; ++ $out.="#include \"$file\"\n"; ++} ++ ++# ++# Mnemonics ++# ++ ++sub stfle { ++ confess(err("ARGNUM")) if ($#_!=0); ++ S(0xb2b0,@_); ++} ++ ++# MSA ++ ++sub kmac { ++ confess(err("ARGNUM")) if ($#_!=1); ++ RRE(0xb91e,@_); ++} ++ ++sub km { ++ confess(err("ARGNUM")) if ($#_!=1); ++ RRE(0xb92e,@_); ++} ++ ++sub kmc { ++ confess(err("ARGNUM")) if ($#_!=1); ++ RRE(0xb92f,@_); ++} ++ ++sub kimd { ++ confess(err("ARGNUM")) if ($#_!=1); ++ RRE(0xb93e,@_); ++} ++ ++sub 
klmd {
++ confess(err("ARGNUM")) if ($#_!=1);
++ RRE(0xb93f,@_);
++}
++
++# MSA4
++
++sub kmf {
++ confess(err("ARGNUM")) if ($#_!=1);
++ RRE(0xb92a,@_);
++}
++
++sub kmo {
++ confess(err("ARGNUM")) if ($#_!=1);
++ RRE(0xb92b,@_);
++}
++
++sub pcc {
++ confess(err("ARGNUM")) if ($#_!=-1);
++ RRE(0xb92c,@_);
++}
++
++sub kmctr {
++ confess(err("ARGNUM")) if ($#_!=2);
++ RRFb(0xb92d,@_);
++}
++
++# MSA5
++
++sub prno {
++ ppno(@_);
++}
++
++sub ppno { # deprecated, use prno
++ confess(err("ARGNUM")) if ($#_!=1);
++ RRE(0xb93c,@_);
++}
++
++# MSA8
++
++sub kma {
++ confess(err("ARGNUM")) if ($#_!=2);
++ RRFb(0xb929,@_);
++}
++
++# VX - Support Instructions
++
++sub vgef {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRV(0xe713,@_);
++}
++sub vgeg {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRV(0xe712,@_);
++}
++
++sub vgbm {
++ confess(err("ARGNUM")) if ($#_!=1);
++ VRIa(0xe744,@_);
++}
++sub vzero {
++ vgbm(@_,0);
++}
++sub vone {
++ vgbm(@_,0xffff);
++}
++
++sub vgm {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRIb(0xe746,@_);
++}
++sub vgmb {
++ vgm(@_,0);
++}
++sub vgmh {
++ vgm(@_,1);
++}
++sub vgmf {
++ vgm(@_,2);
++}
++sub vgmg {
++ vgm(@_,3);
++}
++
++sub vl {
++ confess(err("ARGNUM")) if ($#_!=1);
++ VRX(0xe706,@_);
++}
++
++sub vlr {
++ confess(err("ARGNUM")) if ($#_!=1);
++ VRRa(0xe756,@_);
++}
++
++sub vlrep {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRX(0xe705,@_);
++}
++sub vlrepb {
++ vlrep(@_,0);
++}
++sub vlreph {
++ vlrep(@_,1);
++}
++sub vlrepf {
++ vlrep(@_,2);
++}
++sub vlrepg {
++ vlrep(@_,3);
++}
++
++sub vleb {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRX(0xe700,@_);
++}
++sub vleh {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRX(0xe701,@_);
++}
++sub vlef {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRX(0xe703,@_);
++}
++sub vleg {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRX(0xe702,@_);
++}
++
++sub vleib {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRIa(0xe740,@_);
++}
++sub vleih {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRIa(0xe741,@_);
++}
++sub vleif {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRIa(0xe743,@_);
++}
++sub vleig {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRIa(0xe742,@_);
++}
++
++sub vlgv {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRSc(0xe721,@_);
++}
++sub vlgvb {
++ vlgv(@_,0);
++}
++sub vlgvh {
++ vlgv(@_,1);
++}
++sub vlgvf {
++ vlgv(@_,2);
++}
++sub vlgvg {
++ vlgv(@_,3);
++}
++
++sub vllez {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRX(0xe704,@_);
++}
++sub vllezb {
++ vllez(@_,0);
++}
++sub vllezh {
++ vllez(@_,1);
++}
++sub vllezf {
++ vllez(@_,2);
++}
++sub vllezg {
++ vllez(@_,3);
++}
++
++sub vlm {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRSa(0xe736,@_);
++}
++
++sub vlbb {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRX(0xe707,@_);
++}
++
++sub vlvg {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRSb(0xe722,@_);
++}
++sub vlvgb {
++ vlvg(@_,0);
++}
++sub vlvgh {
++ vlvg(@_,1);
++}
++sub vlvgf {
++ vlvg(@_,2);
++}
++sub vlvgg {
++ vlvg(@_,3);
++}
++
++sub vlvgp {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRf(0xe762,@_);
++}
++
++sub vll {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRSb(0xe737,@_);
++}
++
++sub vmrh {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe761,@_);
++}
++sub vmrhb {
++ vmrh(@_,0);
++}
++sub vmrhh {
++ vmrh(@_,1);
++}
++sub vmrhf {
++ vmrh(@_,2);
++}
++sub vmrhg {
++ vmrh(@_,3);
++}
++
++sub vmrl {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe760,@_);
++}
++sub vmrlb {
++ vmrl(@_,0);
++}
++sub vmrlh {
++ vmrl(@_,1);
++}
++sub vmrlf {
++ vmrl(@_,2);
++}
++sub vmrlg {
++ vmrl(@_,3);
++}
++
++sub vpk {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe794,@_);
++}
++sub vpkh {
++ vpk(@_,1);
++}
++sub vpkf {
++ vpk(@_,2);
++}
++sub vpkg {
++ vpk(@_,3);
++}
++
++sub vpks {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRb(0xe797,@_);
++}
++sub vpksh {
++ vpks(@_,1,0);
++}
++sub vpksf {
++ vpks(@_,2,0);
++}
++sub vpksg {
++ vpks(@_,3,0);
++}
++sub vpkshs {
++ vpks(@_,1,1);
++}
++sub vpksfs {
++ vpks(@_,2,1);
++}
++sub vpksgs {
++ vpks(@_,3,1);
++}
++
++sub vpkls {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRb(0xe795,@_);
++}
++sub vpklsh {
++ vpkls(@_,1,0);
++}
++sub vpklsf {
++ vpkls(@_,2,0);
++}
++sub vpklsg {
++ vpkls(@_,3,0);
++}
++sub vpklshs {
++ vpkls(@_,1,1);
++}
++sub vpklsfs {
++ vpkls(@_,2,1);
++}
++sub vpklsgs {
++ vpkls(@_,3,1);
++}
++
++sub vperm {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRe(0xe78c,@_);
++}
++
++sub vpdi {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe784,@_);
++}
++
++sub vrep {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRIc(0xe74d,@_);
++}
++sub vrepb {
++ vrep(@_,0);
++}
++sub vreph {
++ vrep(@_,1);
++}
++sub vrepf {
++ vrep(@_,2);
++}
++sub vrepg {
++ vrep(@_,3);
++}
++
++sub vrepi {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRIa(0xe745,@_);
++}
++sub vrepib {
++ vrepi(@_,0);
++}
++sub vrepih {
++ vrepi(@_,1);
++}
++sub vrepif {
++ vrepi(@_,2);
++}
++sub vrepig {
++ vrepi(@_,3);
++}
++
++sub vscef {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRV(0xe71b,@_);
++}
++sub vsceg {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRV(0xe71a,@_);
++}
++
++sub vsel {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRe(0xe78d,@_);
++}
++
++sub vseg {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRa(0xe75f,@_);
++}
++sub vsegb {
++ vseg(@_,0);
++}
++sub vsegh {
++ vseg(@_,1);
++}
++sub vsegf {
++ vseg(@_,2);
++}
++
++sub vst {
++ confess(err("ARGNUM")) if ($#_!=1);
++ VRX(0xe70e,@_);
++}
++
++sub vsteb {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRX(0xe708,@_);
++}
++sub vsteh {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRX(0xe709,@_);
++}
++sub vstef {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRX(0xe70b,@_);
++}
++sub vsteg {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRX(0xe70a,@_);
++}
++
++sub vstm {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRSa(0xe73e,@_);
++}
++
++sub vstl {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRSb(0xe73f,@_);
++}
++
++sub vuph {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRa(0xe7d7,@_);
++}
++sub vuphb {
++ vuph(@_,0);
++}
++sub vuphh {
++ vuph(@_,1);
++}
++sub
vuphf {
++ vuph(@_,2);
++}
++
++sub vuplh {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRa(0xe7d5,@_);
++}
++sub vuplhb {
++ vuplh(@_,0);
++}
++sub vuplhh {
++ vuplh(@_,1);
++}
++sub vuplhf {
++ vuplh(@_,2);
++}
++
++sub vupl {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRa(0xe7d6,@_);
++}
++sub vuplb {
++ vupl(@_,0);
++}
++sub vuplhw {
++ vupl(@_,1);
++}
++sub vuplf {
++ vupl(@_,2);
++}
++
++sub vupll {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRa(0xe7d4,@_);
++}
++sub vupllb {
++ vupll(@_,0);
++}
++sub vupllh {
++ vupll(@_,1);
++}
++sub vupllf {
++ vupll(@_,2);
++}
++
++# VX - Integer Instructions
++
++sub va {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7f3,@_);
++}
++sub vab {
++ va(@_,0);
++}
++sub vah {
++ va(@_,1);
++}
++sub vaf {
++ va(@_,2);
++}
++sub vag {
++ va(@_,3);
++}
++sub vaq {
++ va(@_,4);
++}
++
++sub vacc {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7f1,@_);
++}
++sub vaccb {
++ vacc(@_,0);
++}
++sub vacch {
++ vacc(@_,1);
++}
++sub vaccf {
++ vacc(@_,2);
++}
++sub vaccg {
++ vacc(@_,3);
++}
++sub vaccq {
++ vacc(@_,4);
++}
++
++sub vac {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRd(0xe7bb,@_);
++}
++sub vacq {
++ vac(@_,4);
++}
++
++sub vaccc {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRd(0xe7b9,@_);
++}
++sub vacccq {
++ vaccc(@_,4);
++}
++
++sub vn {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe768,@_);
++}
++
++sub vnc {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe769,@_);
++}
++
++sub vavg {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7f2,@_);
++}
++sub vavgb {
++ vavg(@_,0);
++}
++sub vavgh {
++ vavg(@_,1);
++}
++sub vavgf {
++ vavg(@_,2);
++}
++sub vavgg {
++ vavg(@_,3);
++}
++
++sub vavgl {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7f0,@_);
++}
++sub vavglb {
++ vavgl(@_,0);
++}
++sub vavglh {
++ vavgl(@_,1);
++}
++sub vavglf {
++ vavgl(@_,2);
++}
++sub vavglg {
++ vavgl(@_,3);
++}
++
++sub vcksm {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe766,@_);
++}
++
++sub vec_ {
++
confess(err("ARGNUM")) if ($#_!=2);
++ VRRa(0xe7db,@_);
++}
++sub vecb {
++ vec_(@_,0);
++}
++sub vech {
++ vec_(@_,1);
++}
++sub vecf {
++ vec_(@_,2);
++}
++sub vecg {
++ vec_(@_,3);
++}
++
++sub vecl {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRa(0xe7d9,@_);
++}
++sub veclb {
++ vecl(@_,0);
++}
++sub veclh {
++ vecl(@_,1);
++}
++sub veclf {
++ vecl(@_,2);
++}
++sub veclg {
++ vecl(@_,3);
++}
++
++sub vceq {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRb(0xe7f8,@_);
++}
++sub vceqb {
++ vceq(@_,0,0);
++}
++sub vceqh {
++ vceq(@_,1,0);
++}
++sub vceqf {
++ vceq(@_,2,0);
++}
++sub vceqg {
++ vceq(@_,3,0);
++}
++sub vceqbs {
++ vceq(@_,0,1);
++}
++sub vceqhs {
++ vceq(@_,1,1);
++}
++sub vceqfs {
++ vceq(@_,2,1);
++}
++sub vceqgs {
++ vceq(@_,3,1);
++}
++
++sub vch {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRb(0xe7fb,@_);
++}
++sub vchb {
++ vch(@_,0,0);
++}
++sub vchh {
++ vch(@_,1,0);
++}
++sub vchf {
++ vch(@_,2,0);
++}
++sub vchg {
++ vch(@_,3,0);
++}
++sub vchbs {
++ vch(@_,0,1);
++}
++sub vchhs {
++ vch(@_,1,1);
++}
++sub vchfs {
++ vch(@_,2,1);
++}
++sub vchgs {
++ vch(@_,3,1);
++}
++
++sub vchl {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRb(0xe7f9,@_);
++}
++sub vchlb {
++ vchl(@_,0,0);
++}
++sub vchlh {
++ vchl(@_,1,0);
++}
++sub vchlf {
++ vchl(@_,2,0);
++}
++sub vchlg {
++ vchl(@_,3,0);
++}
++sub vchlbs {
++ vchl(@_,0,1);
++}
++sub vchlhs {
++ vchl(@_,1,1);
++}
++sub vchlfs {
++ vchl(@_,2,1);
++}
++sub vchlgs {
++ vchl(@_,3,1);
++}
++
++sub vclz {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRa(0xe753,@_);
++}
++sub vclzb {
++ vclz(@_,0);
++}
++sub vclzh {
++ vclz(@_,1);
++}
++sub vclzf {
++ vclz(@_,2);
++}
++sub vclzg {
++ vclz(@_,3);
++}
++
++sub vctz {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRa(0xe752,@_);
++}
++sub vctzb {
++ vctz(@_,0);
++}
++sub vctzh {
++ vctz(@_,1);
++}
++sub vctzf {
++ vctz(@_,2);
++}
++sub vctzg {
++ vctz(@_,3);
++}
++
++sub vx {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe76d,@_);
++}
++
++sub vgfm {
++
confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7b4,@_);
++}
++sub vgfmb {
++ vgfm(@_,0);
++}
++sub vgfmh {
++ vgfm(@_,1);
++}
++sub vgfmf {
++ vgfm(@_,2);
++}
++sub vgfmg {
++ vgfm(@_,3);
++}
++
++sub vgfma {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRd(0xe7bc,@_);
++}
++sub vgfmab {
++ vgfma(@_,0);
++}
++sub vgfmah {
++ vgfma(@_,1);
++}
++sub vgfmaf {
++ vgfma(@_,2);
++}
++sub vgfmag {
++ vgfma(@_,3);
++}
++
++sub vlc {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRa(0xe7de,@_);
++}
++sub vlcb {
++ vlc(@_,0);
++}
++sub vlch {
++ vlc(@_,1);
++}
++sub vlcf {
++ vlc(@_,2);
++}
++sub vlcg {
++ vlc(@_,3);
++}
++
++sub vlp {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRa(0xe7df,@_);
++}
++sub vlpb {
++ vlp(@_,0);
++}
++sub vlph {
++ vlp(@_,1);
++}
++sub vlpf {
++ vlp(@_,2);
++}
++sub vlpg {
++ vlp(@_,3);
++}
++
++sub vmx {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7ff,@_);
++}
++sub vmxb {
++ vmx(@_,0);
++}
++sub vmxh {
++ vmx(@_,1);
++}
++sub vmxf {
++ vmx(@_,2);
++}
++sub vmxg {
++ vmx(@_,3);
++}
++
++sub vmxl {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7fd,@_);
++}
++sub vmxlb {
++ vmxl(@_,0);
++}
++sub vmxlh {
++ vmxl(@_,1);
++}
++sub vmxlf {
++ vmxl(@_,2);
++}
++sub vmxlg {
++ vmxl(@_,3);
++}
++
++sub vmn {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7fe,@_);
++}
++sub vmnb {
++ vmn(@_,0);
++}
++sub vmnh {
++ vmn(@_,1);
++}
++sub vmnf {
++ vmn(@_,2);
++}
++sub vmng {
++ vmn(@_,3);
++}
++
++sub vmnl {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7fc,@_);
++}
++sub vmnlb {
++ vmnl(@_,0);
++}
++sub vmnlh {
++ vmnl(@_,1);
++}
++sub vmnlf {
++ vmnl(@_,2);
++}
++sub vmnlg {
++ vmnl(@_,3);
++}
++
++sub vmal {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRd(0xe7aa,@_);
++}
++sub vmalb {
++ vmal(@_,0);
++}
++sub vmalhw {
++ vmal(@_,1);
++}
++sub vmalf {
++ vmal(@_,2);
++}
++
++sub vmah {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRd(0xe7ab,@_);
++}
++sub vmahb {
++ vmah(@_,0);
++}
++sub vmahh {
++ vmah(@_,1);
++}
++sub vmahf {
++ vmah(@_,2);
++}
++
++sub vmalh {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRd(0xe7a9,@_);
++}
++sub vmalhb {
++ vmalh(@_,0);
++}
++sub vmalhh {
++ vmalh(@_,1);
++}
++sub vmalhf {
++ vmalh(@_,2);
++}
++
++sub vmae {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRd(0xe7ae,@_);
++}
++sub vmaeb {
++ vmae(@_,0);
++}
++sub vmaeh {
++ vmae(@_,1);
++}
++sub vmaef {
++ vmae(@_,2);
++}
++
++sub vmale {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRd(0xe7ac,@_);
++}
++sub vmaleb {
++ vmale(@_,0);
++}
++sub vmaleh {
++ vmale(@_,1);
++}
++sub vmalef {
++ vmale(@_,2);
++}
++
++sub vmao {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRd(0xe7af,@_);
++}
++sub vmaob {
++ vmao(@_,0);
++}
++sub vmaoh {
++ vmao(@_,1);
++}
++sub vmaof {
++ vmao(@_,2);
++}
++
++sub vmalo {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRd(0xe7ad,@_);
++}
++sub vmalob {
++ vmalo(@_,0);
++}
++sub vmaloh {
++ vmalo(@_,1);
++}
++sub vmalof {
++ vmalo(@_,2);
++}
++
++sub vmh {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7a3,@_);
++}
++sub vmhb {
++ vmh(@_,0);
++}
++sub vmhh {
++ vmh(@_,1);
++}
++sub vmhf {
++ vmh(@_,2);
++}
++
++sub vmlh {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7a1,@_);
++}
++sub vmlhb {
++ vmlh(@_,0);
++}
++sub vmlhh {
++ vmlh(@_,1);
++}
++sub vmlhf {
++ vmlh(@_,2);
++}
++
++sub vml {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7a2,@_);
++}
++sub vmlb {
++ vml(@_,0);
++}
++sub vmlhw {
++ vml(@_,1);
++}
++sub vmlf {
++ vml(@_,2);
++}
++
++sub vme {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7a6,@_);
++}
++sub vmeb {
++ vme(@_,0);
++}
++sub vmeh {
++ vme(@_,1);
++}
++sub vmef {
++ vme(@_,2);
++}
++
++sub vmle {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7a4,@_);
++}
++sub vmleb {
++ vmle(@_,0);
++}
++sub vmleh {
++ vmle(@_,1);
++}
++sub vmlef {
++ vmle(@_,2);
++}
++
++sub vmo {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7a7,@_);
++}
++sub vmob {
++ vmo(@_,0);
++}
++sub vmoh {
++ vmo(@_,1);
++}
++sub vmof {
++ vmo(@_,2);
++}
++
++sub vmlo {
++ confess(err("ARGNUM")) if
($#_!=3);
++ VRRc(0xe7a5,@_);
++}
++sub vmlob {
++ vmlo(@_,0);
++}
++sub vmloh {
++ vmlo(@_,1);
++}
++sub vmlof {
++ vmlo(@_,2);
++}
++
++sub vno {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe76b,@_);
++}
++sub vnot {
++ vno(@_,$_[1]);
++}
++
++sub vo {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe76a,@_);
++}
++
++sub vpopct {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRa(0xe750,@_);
++}
++
++sub verllv {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe773,@_);
++}
++sub verllvb {
++ verllv(@_,0);
++}
++sub verllvh {
++ verllv(@_,1);
++}
++sub verllvf {
++ verllv(@_,2);
++}
++sub verllvg {
++ verllv(@_,3);
++}
++
++sub verll {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRSa(0xe733,@_);
++}
++sub verllb {
++ verll(@_,0);
++}
++sub verllh {
++ verll(@_,1);
++}
++sub verllf {
++ verll(@_,2);
++}
++sub verllg {
++ verll(@_,3);
++}
++
++sub verim {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRId(0xe772,@_);
++}
++sub verimb {
++ verim(@_,0);
++}
++sub verimh {
++ verim(@_,1);
++}
++sub verimf {
++ verim(@_,2);
++}
++sub verimg {
++ verim(@_,3);
++}
++
++sub veslv {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe770,@_);
++}
++sub veslvb {
++ veslv(@_,0);
++}
++sub veslvh {
++ veslv(@_,1);
++}
++sub veslvf {
++ veslv(@_,2);
++}
++sub veslvg {
++ veslv(@_,3);
++}
++
++sub vesl {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRSa(0xe730,@_);
++}
++sub veslb {
++ vesl(@_,0);
++}
++sub veslh {
++ vesl(@_,1);
++}
++sub veslf {
++ vesl(@_,2);
++}
++sub veslg {
++ vesl(@_,3);
++}
++
++sub vesrav {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe77a,@_);
++}
++sub vesravb {
++ vesrav(@_,0);
++}
++sub vesravh {
++ vesrav(@_,1);
++}
++sub vesravf {
++ vesrav(@_,2);
++}
++sub vesravg {
++ vesrav(@_,3);
++}
++
++sub vesra {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRSa(0xe73a,@_);
++}
++sub vesrab {
++ vesra(@_,0);
++}
++sub vesrah {
++ vesra(@_,1);
++}
++sub vesraf {
++ vesra(@_,2);
++}
++sub vesrag {
++ vesra(@_,3);
++}
++
++sub vesrlv {
++ confess(err("ARGNUM")) if
($#_!=3);
++ VRRc(0xe778,@_);
++}
++sub vesrlvb {
++ vesrlv(@_,0);
++}
++sub vesrlvh {
++ vesrlv(@_,1);
++}
++sub vesrlvf {
++ vesrlv(@_,2);
++}
++sub vesrlvg {
++ vesrlv(@_,3);
++}
++
++sub vesrl {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRSa(0xe738,@_);
++}
++sub vesrlb {
++ vesrl(@_,0);
++}
++sub vesrlh {
++ vesrl(@_,1);
++}
++sub vesrlf {
++ vesrl(@_,2);
++}
++sub vesrlg {
++ vesrl(@_,3);
++}
++
++sub vsl {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe774,@_);
++}
++
++sub vslb {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe775,@_);
++}
++
++sub vsldb {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRId(0xe777,@_);
++}
++
++sub vsra {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe77e,@_);
++}
++
++sub vsrab {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe77f,@_);
++}
++
++sub vsrl {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe77c,@_);
++}
++
++sub vsrlb {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe77d,@_);
++}
++
++sub vs {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7f7,@_);
++}
++sub vsb {
++ vs(@_,0);
++}
++sub vsh {
++ vs(@_,1);
++}
++sub vsf {
++ vs(@_,2);
++}
++sub vsg {
++ vs(@_,3);
++}
++sub vsq {
++ vs(@_,4);
++}
++
++sub vscbi {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7f5,@_);
++}
++sub vscbib {
++ vscbi(@_,0);
++}
++sub vscbih {
++ vscbi(@_,1);
++}
++sub vscbif {
++ vscbi(@_,2);
++}
++sub vscbig {
++ vscbi(@_,3);
++}
++sub vscbiq {
++ vscbi(@_,4);
++}
++
++sub vsbi {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRd(0xe7bf,@_);
++}
++sub vsbiq {
++ vsbi(@_,4);
++}
++
++sub vsbcbi {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRd(0xe7bd,@_);
++}
++sub vsbcbiq {
++ vsbcbi(@_,4);
++}
++
++sub vsumg {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe765,@_);
++}
++sub vsumgh {
++ vsumg(@_,1);
++}
++sub vsumgf {
++ vsumg(@_,2);
++}
++
++sub vsumq {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe767,@_);
++}
++sub vsumqf {
++ vsumq(@_,2);
++}
++sub vsumqg {
++ vsumq(@_,3);
++}
++
++sub vsum {
++
confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe764,@_);
++}
++sub vsumb {
++ vsum(@_,0);
++}
++sub vsumh {
++ vsum(@_,1);
++}
++
++sub vtm {
++ confess(err("ARGNUM")) if ($#_!=1);
++ VRRa(0xe7d8,@_);
++}
++
++# VX - String Instructions
++
++sub vfae {
++ confess(err("ARGNUM")) if ($#_<3||$#_>4);
++ VRRb(0xe782,@_);
++}
++sub vfaeb {
++ vfae(@_[0..2],0,$_[3]);
++}
++sub vfaeh {
++ vfae(@_[0..2],1,$_[3]);
++}
++sub vfaef {
++ vfae(@_[0..2],2,$_[3]);
++}
++sub vfaebs {
++ $_[3]=0 if (!defined($_[3]));
++ vfae(@_[0..2],0,0x1|$_[3]);
++}
++sub vfaehs {
++ $_[3]=0 if (!defined($_[3]));
++ vfae(@_[0..2],1,0x1|$_[3]);
++}
++sub vfaefs {
++ $_[3]=0 if (!defined($_[3]));
++ vfae(@_[0..2],2,0x1|$_[3]);
++}
++sub vfaezb {
++ $_[3]=0 if (!defined($_[3]));
++ vfae(@_[0..2],0,0x2|$_[3]);
++}
++sub vfaezh {
++ $_[3]=0 if (!defined($_[3]));
++ vfae(@_[0..2],1,0x2|$_[3]);
++}
++sub vfaezf {
++ $_[3]=0 if (!defined($_[3]));
++ vfae(@_[0..2],2,0x2|$_[3]);
++}
++sub vfaezbs {
++ $_[3]=0 if (!defined($_[3]));
++ vfae(@_[0..2],0,0x3|$_[3]);
++}
++sub vfaezhs {
++ $_[3]=0 if (!defined($_[3]));
++ vfae(@_[0..2],1,0x3|$_[3]);
++}
++sub vfaezfs {
++ $_[3]=0 if (!defined($_[3]));
++ vfae(@_[0..2],2,0x3|$_[3]);
++}
++
++sub vfee {
++ confess(err("ARGNUM")) if ($#_<3||$#_>4);
++ VRRb(0xe780,@_);
++}
++sub vfeeb {
++ vfee(@_[0..2],0,$_[3]);
++}
++sub vfeeh {
++ vfee(@_[0..2],1,$_[3]);
++}
++sub vfeef {
++ vfee(@_[0..2],2,$_[3]);
++}
++sub vfeebs {
++ vfee(@_,0,1);
++}
++sub vfeehs {
++ vfee(@_,1,1);
++}
++sub vfeefs {
++ vfee(@_,2,1);
++}
++sub vfeezb {
++ vfee(@_,0,2);
++}
++sub vfeezh {
++ vfee(@_,1,2);
++}
++sub vfeezf {
++ vfee(@_,2,2);
++}
++sub vfeezbs {
++ vfee(@_,0,3);
++}
++sub vfeezhs {
++ vfee(@_,1,3);
++}
++sub vfeezfs {
++ vfee(@_,2,3);
++}
++
++sub vfene {
++ confess(err("ARGNUM")) if ($#_<3||$#_>4);
++ VRRb(0xe781,@_);
++}
++sub vfeneb {
++ vfene(@_[0..2],0,$_[3]);
++}
++sub vfeneh {
++ vfene(@_[0..2],1,$_[3]);
++}
++sub vfenef {
++ vfene(@_[0..2],2,$_[3]);
++}
++sub vfenebs {
++
vfene(@_,0,1);
++}
++sub vfenehs {
++ vfene(@_,1,1);
++}
++sub vfenefs {
++ vfene(@_,2,1);
++}
++sub vfenezb {
++ vfene(@_,0,2);
++}
++sub vfenezh {
++ vfene(@_,1,2);
++}
++sub vfenezf {
++ vfene(@_,2,2);
++}
++sub vfenezbs {
++ vfene(@_,0,3);
++}
++sub vfenezhs {
++ vfene(@_,1,3);
++}
++sub vfenezfs {
++ vfene(@_,2,3);
++}
++
++sub vistr {
++ confess(err("ARGNUM")) if ($#_<2||$#_>3);
++ VRRa(0xe75c,@_[0..2],0,$_[3]);
++}
++sub vistrb {
++ vistr(@_[0..1],0,$_[2]);
++}
++sub vistrh {
++ vistr(@_[0..1],1,$_[2]);
++}
++sub vistrf {
++ vistr(@_[0..1],2,$_[2]);
++}
++sub vistrbs {
++ vistr(@_,0,1);
++}
++sub vistrhs {
++ vistr(@_,1,1);
++}
++sub vistrfs {
++ vistr(@_,2,1);
++}
++
++sub vstrc {
++ confess(err("ARGNUM")) if ($#_<4||$#_>5);
++ VRRd(0xe78a,@_);
++}
++sub vstrcb {
++ vstrc(@_[0..3],0,$_[4]);
++}
++sub vstrch {
++ vstrc(@_[0..3],1,$_[4]);
++}
++sub vstrcf {
++ vstrc(@_[0..3],2,$_[4]);
++}
++sub vstrcbs {
++ $_[4]=0 if (!defined($_[4]));
++ vstrc(@_[0..3],0,0x1|$_[4]);
++}
++sub vstrchs {
++ $_[4]=0 if (!defined($_[4]));
++ vstrc(@_[0..3],1,0x1|$_[4]);
++}
++sub vstrcfs {
++ $_[4]=0 if (!defined($_[4]));
++ vstrc(@_[0..3],2,0x1|$_[4]);
++}
++sub vstrczb {
++ $_[4]=0 if (!defined($_[4]));
++ vstrc(@_[0..3],0,0x2|$_[4]);
++}
++sub vstrczh {
++ $_[4]=0 if (!defined($_[4]));
++ vstrc(@_[0..3],1,0x2|$_[4]);
++}
++sub vstrczf {
++ $_[4]=0 if (!defined($_[4]));
++ vstrc(@_[0..3],2,0x2|$_[4]);
++}
++sub vstrczbs {
++ $_[4]=0 if (!defined($_[4]));
++ vstrc(@_[0..3],0,0x3|$_[4]);
++}
++sub vstrczhs {
++ $_[4]=0 if (!defined($_[4]));
++ vstrc(@_[0..3],1,0x3|$_[4]);
++}
++sub vstrczfs {
++ $_[4]=0 if (!defined($_[4]));
++ vstrc(@_[0..3],2,0x3|$_[4]);
++}
++
++# VX - Floating-point Instructions
++
++sub vfa {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRc(0xe7e3,@_);
++}
++sub vfadb {
++ vfa(@_,3,0);
++}
++sub wfadb {
++ vfa(@_,3,8);
++}
++
++sub wfc {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRa(0xe7cb,@_);
++}
++sub wfcdb {
++ wfc(@_,3,0);
++}
++
++sub wfk {
++
confess(err("ARGNUM")) if ($#_!=3);
++ VRRa(0xe7ca,@_);
++}
++sub wfksb {
++ wfk(@_,2,0);
++}
++sub wfkdb {
++ wfk(@_,3,0);
++}
++sub wfkxb {
++ wfk(@_,4,0);
++}
++
++sub vfce {
++ confess(err("ARGNUM")) if ($#_!=5);
++ VRRc(0xe7e8,@_);
++}
++sub vfcedb {
++ vfce(@_,3,0,0);
++}
++sub vfcedbs {
++ vfce(@_,3,0,1);
++}
++sub wfcedb {
++ vfce(@_,3,8,0);
++}
++sub wfcedbs {
++ vfce(@_,3,8,1);
++}
++
++sub vfch {
++ confess(err("ARGNUM")) if ($#_!=5);
++ VRRc(0xe7eb,@_);
++}
++sub vfchdb {
++ vfch(@_,3,0,0);
++}
++sub vfchdbs {
++ vfch(@_,3,0,1);
++}
++sub wfchdb {
++ vfch(@_,3,8,0);
++}
++sub wfchdbs {
++ vfch(@_,3,8,1);
++}
++
++sub vfche {
++ confess(err("ARGNUM")) if ($#_!=5);
++ VRRc(0xe7ea,@_);
++}
++sub vfchedb {
++ vfche(@_,3,0,0);
++}
++sub vfchedbs {
++ vfche(@_,3,0,1);
++}
++sub wfchedb {
++ vfche(@_,3,8,0);
++}
++sub wfchedbs {
++ vfche(@_,3,8,1);
++}
++
++sub vcdg {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRa(0xe7c3,@_);
++}
++sub vcdgb {
++ vcdg(@_[0..1],3,@_[2..3]);
++}
++sub wcdgb {
++ vcdg(@_[0..1],3,0x8|$_[2],$_[3]);
++}
++
++sub vcdlg {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRa(0xe7c1,@_);
++}
++sub vcdlgb {
++ vcdlg(@_[0..1],3,@_[2..3]);
++}
++sub wcdlgb {
++ vcdlg(@_[0..1],3,0x8|$_[2],$_[3]);
++}
++
++sub vcgd {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRa(0xe7c2,@_);
++}
++sub vcgdb {
++ vcgd(@_[0..1],3,@_[2..3]);
++}
++sub wcgdb {
++ vcgd(@_[0..1],3,0x8|$_[2],$_[3]);
++}
++
++sub vclgd {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRa(0xe7c0,@_);
++}
++sub vclgdb {
++ vclgd(@_[0..1],3,@_[2..3]);
++}
++sub wclgdb {
++ vclgd(@_[0..1],3,0x8|$_[2],$_[3]);
++}
++
++sub vfd {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRc(0xe7e5,@_);
++}
++sub vfddb {
++ vfd(@_,3,0);
++}
++sub wfddb {
++ vfd(@_,3,8);
++}
++
++sub vfi {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRa(0xe7c7,@_);
++}
++sub vfidb {
++ vfi(@_[0..1],3,@_[2..3]);
++}
++sub wfidb {
++ vfi(@_[0..1],3,0x8|$_[2],$_[3]);
++}
++
++sub vlde { # deprecated, use vfll
++ confess(err("ARGNUM"))
if ($#_!=3);
++ VRRa(0xe7c4,@_);
++}
++sub vldeb { # deprecated, use vflls
++ vlde(@_,2,0);
++}
++sub wldeb { # deprecated, use wflls
++ vlde(@_,2,8);
++}
++
++sub vled { # deprecated, use vflr
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRa(0xe7c5,@_);
++}
++sub vledb { # deprecated, use vflrd
++ vled(@_[0..1],3,@_[2..3]);
++}
++sub wledb { # deprecated, use wflrd
++ vled(@_[0..1],3,0x8|$_[2],$_[3]);
++}
++
++sub vfm {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRc(0xe7e7,@_);
++}
++sub vfmdb {
++ vfm(@_,3,0);
++}
++sub wfmdb {
++ vfm(@_,3,8);
++}
++
++sub vfma {
++ confess(err("ARGNUM")) if ($#_!=5);
++ VRRe(0xe78f,@_);
++}
++sub vfmadb {
++ vfma(@_,0,3);
++}
++sub wfmadb {
++ vfma(@_,8,3);
++}
++
++sub vfms {
++ confess(err("ARGNUM")) if ($#_!=5);
++ VRRe(0xe78e,@_);
++}
++sub vfmsdb {
++ vfms(@_,0,3);
++}
++sub wfmsdb {
++ vfms(@_,8,3);
++}
++
++sub vfpso {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRa(0xe7cc,@_);
++}
++sub vfpsodb {
++ vfpso(@_[0..1],3,0,$_[2]);
++}
++sub wfpsodb {
++ vfpso(@_[0..1],3,8,$_[2]);
++}
++sub vflcdb {
++ vfpso(@_,3,0,0);
++}
++sub wflcdb {
++ vfpso(@_,3,8,0);
++}
++sub vflndb {
++ vfpso(@_,3,0,1);
++}
++sub wflndb {
++ vfpso(@_,3,8,1);
++}
++sub vflpdb {
++ vfpso(@_,3,0,2);
++}
++sub wflpdb {
++ vfpso(@_,3,8,2);
++}
++
++sub vfsq {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRa(0xe7ce,@_);
++}
++sub vfsqdb {
++ vfsq(@_,3,0);
++}
++sub wfsqdb {
++ vfsq(@_,3,8);
++}
++
++sub vfs {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRc(0xe7e2,@_);
++}
++sub vfsdb {
++ vfs(@_,3,0);
++}
++sub wfsdb {
++ vfs(@_,3,8);
++}
++
++sub vftci {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRIe(0xe74a,@_);
++}
++sub vftcidb {
++ vftci(@_,3,0);
++}
++sub wftcidb {
++ vftci(@_,3,8);
++}
++
++# VXE - Support Instructions
++
++sub vbperm {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe785,@_);
++}
++
++sub vllezlf {
++ vllez(@_,6);
++}
++
++# VXE - Integer Instructions
++
++sub vmsl {
++ confess(err("ARGNUM")) if ($#_!=5);
++ VRRd(0xe7b8,@_);
++}
++sub
vmslg {
++ vmsl(@_[0..3],3,$_[4]);
++}
++
++sub vnx {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe76c,@_);
++}
++
++sub vnn {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe76e,@_);
++}
++
++sub voc {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe76f,@_);
++}
++
++sub vpopctb {
++ vpopct(@_,0);
++}
++sub vpopcth {
++ vpopct(@_,1);
++}
++sub vpopctf {
++ vpopct(@_,2);
++}
++sub vpopctg {
++ vpopct(@_,3);
++}
++
++# VXE - Floating-Point Instructions
++
++sub vfasb {
++ vfa(@_,2,0);
++}
++sub wfasb {
++ vfa(@_,2,8);
++}
++sub wfaxb {
++ vfa(@_,4,8);
++}
++
++sub wfcsb {
++ wfc(@_,2,0);
++}
++sub wfcxb {
++ wfc(@_,4,0);
++}
++
++sub vfcesb {
++ vfce(@_,2,0,0);
++}
++sub vfcesbs {
++ vfce(@_,2,0,1);
++}
++sub wfcesb {
++ vfce(@_,2,8,0);
++}
++sub wfcesbs {
++ vfce(@_,2,8,1);
++}
++sub wfcexb {
++ vfce(@_,4,8,0);
++}
++sub wfcexbs {
++ vfce(@_,4,8,1);
++}
++
++sub vfchsb {
++ vfch(@_,2,0,0);
++}
++sub vfchsbs {
++ vfch(@_,2,0,1);
++}
++sub wfchsb {
++ vfch(@_,2,8,0);
++}
++sub wfchsbs {
++ vfch(@_,2,8,1);
++}
++sub wfchxb {
++ vfch(@_,4,8,0);
++}
++sub wfchxbs {
++ vfch(@_,4,8,1);
++}
++
++sub vfchesb {
++ vfche(@_,2,0,0);
++}
++sub vfchesbs {
++ vfche(@_,2,0,1);
++}
++sub wfchesb {
++ vfche(@_,2,8,0);
++}
++sub wfchesbs {
++ vfche(@_,2,8,1);
++}
++sub wfchexb {
++ vfche(@_,4,8,0);
++}
++sub wfchexbs {
++ vfche(@_,4,8,1);
++}
++
++sub vfdsb {
++ vfd(@_,2,0);
++}
++sub wfdsb {
++ vfd(@_,2,8);
++}
++sub wfdxb {
++ vfd(@_,4,8);
++}
++
++sub vfisb {
++ vfi(@_[0..1],2,@_[2..3]);
++}
++sub wfisb {
++ vfi(@_[0..1],2,0x8|$_[2],$_[3]);
++}
++sub wfixb {
++ vfi(@_[0..1],4,0x8|$_[2],$_[3]);
++}
++
++sub vfll {
++ vlde(@_);
++}
++sub vflls {
++ vfll(@_,2,0);
++}
++sub wflls {
++ vfll(@_,2,8);
++}
++sub wflld {
++ vfll(@_,3,8);
++}
++
++sub vflr {
++ vled(@_);
++}
++sub vflrd {
++ vflr(@_[0..1],3,@_[2..3]);
++}
++sub wflrd {
++ vflr(@_[0..1],3,0x8|$_[2],$_[3]);
++}
++sub wflrx {
++ vflr(@_[0..1],4,0x8|$_[2],$_[3]);
++}
++
++sub vfmax {
++ confess(err("ARGNUM")) if
($#_!=5);
++ VRRc(0xe7ef,@_);
++}
++sub vfmaxsb {
++ vfmax(@_[0..2],2,0,$_[3]);
++}
++sub vfmaxdb {
++ vfmax(@_[0..2],3,0,$_[3]);
++}
++sub wfmaxsb {
++ vfmax(@_[0..2],2,8,$_[3]);
++}
++sub wfmaxdb {
++ vfmax(@_[0..2],3,8,$_[3]);
++}
++sub wfmaxxb {
++ vfmax(@_[0..2],4,8,$_[3]);
++}
++
++sub vfmin {
++ confess(err("ARGNUM")) if ($#_!=5);
++ VRRc(0xe7ee,@_);
++}
++sub vfminsb {
++ vfmin(@_[0..2],2,0,$_[5]);
++}
++sub vfmindb {
++ vfmin(@_[0..2],3,0,$_[5]);
++}
++sub wfminsb {
++ vfmin(@_[0..2],2,8,$_[5]);
++}
++sub wfmindb {
++ vfmin(@_[0..2],3,8,$_[5]);
++}
++sub wfminxb {
++ vfmin(@_[0..2],4,8,$_[5]);
++}
++
++sub vfmsb {
++ vfm(@_,2,0);
++}
++sub wfmsb {
++ vfm(@_,2,8);
++}
++sub wfmxb {
++ vfm(@_,4,8);
++}
++
++sub vfmasb {
++ vfma(@_,0,2);
++}
++sub wfmasb {
++ vfma(@_,8,2);
++}
++sub wfmaxb {
++ vfma(@_,8,4);
++}
++
++sub vfmssb {
++ vfms(@_,0,2);
++}
++sub wfmssb {
++ vfms(@_,8,2);
++}
++sub wfmsxb {
++ vfms(@_,8,4);
++}
++
++sub vfnma {
++ confess(err("ARGNUM")) if ($#_!=5);
++ VRRe(0xe79f,@_);
++}
++sub vfnmasb {
++ vfnma(@_,0,2);
++}
++sub vfnmadb {
++ vfnma(@_,0,3);
++}
++sub wfnmasb {
++ vfnma(@_,8,2);
++}
++sub wfnmadb {
++ vfnma(@_,8,3);
++}
++sub wfnmaxb {
++ vfnma(@_,8,4);
++}
++
++sub vfnms {
++ confess(err("ARGNUM")) if ($#_!=5);
++ VRRe(0xe79e,@_);
++}
++sub vfnmssb {
++ vfnms(@_,0,2);
++}
++sub vfnmsdb {
++ vfnms(@_,0,3);
++}
++sub wfnmssb {
++ vfnms(@_,8,2);
++}
++sub wfnmsdb {
++ vfnms(@_,8,3);
++}
++sub wfnmsxb {
++ vfnms(@_,8,4);
++}
++
++sub vfpsosb {
++ vfpso(@_[0..1],2,0,$_[2]);
++}
++sub wfpsosb {
++ vfpso(@_[0..1],2,8,$_[2]);
++}
++sub vflcsb {
++ vfpso(@_,2,0,0);
++}
++sub wflcsb {
++ vfpso(@_,2,8,0);
++}
++sub vflnsb {
++ vfpso(@_,2,0,1);
++}
++sub wflnsb {
++ vfpso(@_,2,8,1);
++}
++sub vflpsb {
++ vfpso(@_,2,0,2);
++}
++sub wflpsb {
++ vfpso(@_,2,8,2);
++}
++sub vfpsoxb {
++ vfpso(@_[0..1],4,0,$_[2]);
++}
++sub wfpsoxb {
++ vfpso(@_[0..1],4,8,$_[2]);
++}
++sub vflcxb {
++ vfpso(@_,4,0,0);
++}
++sub wflcxb {
++ vfpso(@_,4,8,0);
++}
++sub vflnxb {
++ vfpso(@_,4,0,1);
++}
++sub wflnxb {
++ vfpso(@_,4,8,1);
++}
++sub vflpxb {
++ vfpso(@_,4,0,2);
++}
++sub wflpxb {
++ vfpso(@_,4,8,2);
++}
++
++sub vfsqsb {
++ vfsq(@_,2,0);
++}
++sub wfsqsb {
++ vfsq(@_,2,8);
++}
++sub wfsqxb {
++ vfsq(@_,4,8);
++}
++
++sub vfssb {
++ vfs(@_,2,0);
++}
++sub wfssb {
++ vfs(@_,2,8);
++}
++sub wfsxb {
++ vfs(@_,4,8);
++}
++
++sub vftcisb {
++ vftci(@_,2,0);
++}
++sub wftcisb {
++ vftci(@_,2,8);
++}
++sub wftcixb {
++ vftci(@_,4,8);
++}
++
++# VXD - Support Instructions
++
++sub vlrlr {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRSd(0xe637,@_);
++}
++
++sub vlrl {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VSI(0xe635,@_);
++}
++
++sub vstrlr {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRSd(0xe63f,@_);
++}
++
++sub vstrl {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VSI(0xe63d,@_);
++}
++
++sub vap {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRIf(0xe671,@_);
++}
++
++sub vcp {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRh(0xe677,@_);
++}
++
++sub vcvb {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRi(0xe650,@_);
++}
++
++sub vcvbg {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRi(0xe652,@_);
++}
++
++sub vcvd {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRIi(0xe658,@_);
++}
++
++sub vcvdg {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRIi(0xe65a,@_);
++}
++
++sub vdp {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRIf(0xe67a,@_);
++}
++
++sub vlip {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRIh(0xe649,@_);
++}
++
++sub vmp {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRIf(0xe678,@_);
++}
++
++sub vmsp {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRIf(0xe679,@_);
++}
++
++sub vpkz {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VSI(0xe634,@_);
++}
++
++sub vpsop {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRIg(0xe65b,@_);
++}
++
++sub vrp {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRIf(0xe67b,@_);
++}
++
++sub vsdp {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRIf(0xe67e,@_);
++}
++
++sub vsrp {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRIg(0xe659,@_);
++}
++
++sub vsp {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRIf(0xe673,@_);
++}
++
++sub vtp {
++ confess(err("ARGNUM")) if ($#_!=0);
++ VRRg(0xe65f,@_);
++}
++
++sub vupkz {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VSI(0xe63c,@_);
++}
++
++#
++# Instruction Formats
++#
++
++sub RRE {
++ confess(err("ARGNUM")) if ($#_<0||2<$#_);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$r1,$r2)=(shift,get_R(shift),get_R(shift));
++
++ $out.="\t.long\t".sprintf("%#010x",($opcode<<16|$r1<<4|$r2));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub RRFb {
++ confess(err("ARGNUM")) if ($#_<3||4<$#_);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$r1,$r3,$r2,$m4)=(shift,get_R(shift),get_R(shift)
++ ,get_R(shift),get_M(shift));
++
++ $out.="\t.long\t"
++ .sprintf("%#010x",($opcode<<16|$r3<<12|$m4<<8|$r1<<4|$r2));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub S {
++ confess(err("ARGNUM")) if ($#_<0||1<$#_);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$d2,$b2)=(shift,get_DB(shift));
++
++ $out.="\t.long\t".sprintf("%#010x",($opcode<<16|$b2<<12|$d2));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub VRIa {
++ confess(err("ARGNUM")) if ($#_<2||3<$#_);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$v1,$i2,$m3)=(shift,get_V(shift),get_I(shift,16),
++ get_M(shift));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)).",";
++ $out.=sprintf("%#06x",$i2).",";
++ $out.=sprintf("%#06x",($m3<<12|RXB($v1)<<8|$opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub VRIb {
++ confess(err("ARGNUM")) if ($#_!=4);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$v1,$i2,$i3,$m4)=(shift,get_V(shift),get_I(shift,8),
++ ,get_I(shift,8),get_M(shift));
++
++ $out.="\t.word\t";
++
$out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)).","; ++ $out.=sprintf("%#06x",($i2<<8|$i3)).","; ++ $out.=sprintf("%#06x",($m4<<12|RXB($v1)<<8|$opcode&0xff)); ++ $out.="\t# $memn\t$ops\n" ++} ++ ++sub VRIc { ++ confess(err("ARGNUM")) if ($#_!=4); ++ my $ops=join(',',@_[1..$#_]); ++ my $memn=(caller(1))[3]; ++ $memn=~s/^.*:://; ++ my ($opcode,$v1,$v3,$i2,$m4)=(shift,get_V(shift),get_V(shift), ++ ,get_I(shift,16),get_M(shift)); ++ ++ $out.="\t.word\t"; ++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|($v3&0xf)).","; ++ $out.=sprintf("%#06x",$i2).","; ++ $out.=sprintf("%#06x",($m4<<12|RXB($v1,$v3)<<8|$opcode&0xff)); ++ $out.="\t# $memn\t$ops\n" ++} ++ ++sub VRId { ++ confess(err("ARGNUM")) if ($#_<4||$#_>5); ++ my $ops=join(',',@_[1..$#_]); ++ my $memn=(caller(1))[3]; ++ $memn=~s/^.*:://; ++ my ($opcode,$v1,$v2,$v3,$i4,$m5)=(shift,get_V(shift),get_V(shift), ++ ,get_V(shift),get_I(shift,8),get_M(shift)); ++ ++ $out.="\t.word\t"; ++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|($v2&0xf)).","; ++ $out.=sprintf("%#06x",(($v3&0xf)<<12|$i4)).","; ++ $out.=sprintf("%#06x",($m5<<12|RXB($v1,$v2,$v3)<<8|$opcode&0xff)); ++ $out.="\t# $memn\t$ops\n" ++} ++ ++sub VRIe { ++ confess(err("ARGNUM")) if ($#_!=5); ++ my $ops=join(',',@_[1..$#_]); ++ my $memn=(caller(1))[3]; ++ $memn=~s/^.*:://; ++ my ($opcode,$v1,$v2,$i3,$m4,$m5)=(shift,get_V(shift),get_V(shift), ++ ,get_I(shift,12),get_M(shift),get_M(shift)); ++ ++ $out.="\t.word\t"; ++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|($v2&0xf)).","; ++ $out.=sprintf("%#06x",($i3<<4|$m5)).","; ++ $out.=sprintf("%#06x",($m4<<12|RXB($v1,$v2)<<8|$opcode&0xff)); ++ $out.="\t# $memn\t$ops\n" ++} ++ ++sub VRIf { ++ confess(err("ARGNUM")) if ($#_!=5); ++ my $ops=join(',',@_[1..$#_]); ++ my $memn=(caller(1))[3]; ++ $memn=~s/^.*:://; ++ my ($opcode,$v1,$v2,$v3,$i4,$m5)=(shift,get_V(shift),get_V(shift), ++ ,get_V(shift),get_I(shift,8),get_M(shift)); ++ ++ $out.="\t.word\t"; ++ 
$out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|($v2&0xf)).","; ++ $out.=sprintf("%#06x",(($v3&0xf)<<12|$m5<<4)|$i4>>4).","; ++ $out.=sprintf("%#06x",(($i4&0xf)<<12|RXB($v1,$v2,$v3)<<8|$opcode&0xff)); ++ $out.="\t# $memn\t$ops\n" ++} ++ ++sub VRIg { ++ confess(err("ARGNUM")) if ($#_!=5); ++ my $ops=join(',',@_[1..$#_]); ++ my $memn=(caller(1))[3]; ++ $memn=~s/^.*:://; ++ my ($opcode,$v1,$v2,$i3,$i4,$m5)=(shift,get_V(shift),get_V(shift), ++ ,get_I(shift,8),get_I(shift,8),get_M(shift)); ++ ++ $out.="\t.word\t"; ++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|($v2&0xf)).","; ++ $out.=sprintf("%#06x",($i4<<8|$m5<<4|$i3>>4)).","; ++ $out.=sprintf("%#06x",(($i3&0xf)<<12|RXB($v1,$v2)<<8|$opcode&0xff)); ++ $out.="\t# $memn\t$ops\n" ++} ++ ++sub VRIh { ++ confess(err("ARGNUM")) if ($#_!=3); ++ my $ops=join(',',@_[1..$#_]); ++ my $memn=(caller(1))[3]; ++ $memn=~s/^.*:://; ++ my ($opcode,$v1,$i2,$i3)=(shift,get_V(shift),get_I(shift,16), ++ get_I(shift,4)); ++ ++ $out.="\t.word\t"; ++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)).","; ++ $out.=sprintf("%#06x",$i2).","; ++ $out.=sprintf("%#06x",($i3<<12|RXB($v1)<<8|$opcode&0xff)); ++ $out.="\t# $memn\t$ops\n" ++} ++ ++sub VRIi { ++ confess(err("ARGNUM")) if ($#_!=4); ++ my $ops=join(',',@_[1..$#_]); ++ my $memn=(caller(1))[3]; ++ $memn=~s/^.*:://; ++ my ($opcode,$v1,$r2,$i3,$m4)=(shift,get_V(shift),get_R(shift), ++ ,get_I(shift,8),get_M(shift)); ++ ++ $out.="\t.word\t"; ++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|$r2).","; ++ $out.=sprintf("%#06x",($m4<<4|$i3>>4)).","; ++ $out.=sprintf("%#06x",(($i3&0xf)<<12|RXB($v1)<<8|$opcode&0xff)); ++ $out.="\t# $memn\t$ops\n" ++} ++ ++sub VRRa { ++ confess(err("ARGNUM")) if ($#_<2||5<$#_); ++ my $ops=join(',',@_[1..$#_]); ++ my $memn=(caller(1))[3]; ++ $memn=~s/^.*:://; ++ my ($opcode,$v1,$v2,$m3,$m4,$m5)=(shift,get_V(shift),get_V(shift), ++ get_M(shift),get_M(shift),get_M(shift)); ++ ++ $out.="\t.word\t"; ++ 
$out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).","; ++ $out.=sprintf("%#06x",($m5<<4|$m4)).","; ++ $out.=sprintf("%#06x",($m3<<12|RXB($v1,$v2)<<8|$opcode&0xff)); ++ $out.="\t# $memn\t$ops\n" ++} ++ ++sub VRRb { ++ confess(err("ARGNUM")) if ($#_<3||5<$#_); ++ my $ops=join(',',@_[1..$#_]); ++ my $memn=(caller(1))[3]; ++ $memn=~s/^.*:://; ++ my ($opcode,$v1,$v2,$v3,$m4,$m5)=(shift,get_V(shift),get_V(shift), ++ get_V(shift),get_M(shift),get_M(shift)); ++ ++ $out.="\t.word\t"; ++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).","; ++ $out.=sprintf("%#06x",(($v3&0xf)<<12|$m5<<4)).","; ++ $out.=sprintf("%#06x",($m4<<12|RXB($v1,$v2,$v3)<<8|$opcode&0xff)); ++ $out.="\t# $memn\t$ops\n" ++} ++ ++sub VRRc { ++ confess(err("ARGNUM")) if ($#_<3||6<$#_); ++ my $ops=join(',',@_[1..$#_]); ++ my $memn=(caller(1))[3]; ++ $memn=~s/^.*:://; ++ my ($opcode,$v1,$v2,$v3,$m4,$m5,$m6)=(shift,get_V(shift),get_V(shift), ++ get_V(shift),get_M(shift),get_M(shift),get_M(shift)); ++ ++ $out.="\t.word\t"; ++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).","; ++ $out.=sprintf("%#06x",(($v3&0xf)<<12|$m6<<4|$m5)).","; ++ $out.=sprintf("%#06x",($m4<<12|RXB($v1,$v2,$v3)<<8|$opcode&0xff)); ++ $out.="\t# $memn\t$ops\n" ++} ++ ++sub VRRd { ++ confess(err("ARGNUM")) if ($#_<4||6<$#_); ++ my $ops=join(',',@_[1..$#_]); ++ my $memn=(caller(1))[3]; ++ $memn=~s/^.*:://; ++ my ($opcode,$v1,$v2,$v3,$v4,$m5,$m6)=(shift,get_V(shift),get_V(shift), ++ get_V(shift),get_V(shift),get_M(shift),get_M(shift)); ++ ++ $out.="\t.word\t"; ++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).","; ++ $out.=sprintf("%#06x",(($v3&0xf)<<12|$m5<<8|$m6<<4)).","; ++ $out.=sprintf("%#06x",(($v4&0xf)<<12|RXB($v1,$v2,$v3,$v4)<<8|$opcode&0xff)); ++ $out.="\t# $memn\t$ops\n" ++} ++ ++sub VRRe { ++ confess(err("ARGNUM")) if ($#_<4||6<$#_); ++ my $ops=join(',',@_[1..$#_]); ++ my $memn=(caller(1))[3]; ++ $memn=~s/^.*:://; ++ my 
($opcode,$v1,$v2,$v3,$v4,$m5,$m6)=(shift,get_V(shift),get_V(shift), ++ get_V(shift),get_V(shift),get_M(shift),get_M(shift)); ++ ++ $out.="\t.word\t"; ++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).","; ++ $out.=sprintf("%#06x",(($v3&0xf)<<12|$m6<<8|$m5)).","; ++ $out.=sprintf("%#06x",(($v4&0xf)<<12|RXB($v1,$v2,$v3,$v4)<<8|$opcode&0xff)); ++ $out.="\t# $memn\t$ops\n" ++} ++ ++sub VRRf { ++ confess(err("ARGNUM")) if ($#_!=3); ++ my $ops=join(',',@_[1..$#_]); ++ my $memn=(caller(1))[3]; ++ $memn=~s/^.*:://; ++ my ($opcode,$v1,$r2,$r3)=(shift,get_V(shift),get_R(shift), ++ get_R(shift)); ++ ++ $out.="\t.word\t"; ++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|$r2)).","; ++ $out.=sprintf("%#06x",($r3<<12)).","; ++ $out.=sprintf("%#06x",(RXB($v1)<<8|$opcode&0xff)); ++ $out.="\t# $memn\t$ops\n" ++} ++ ++sub VRRg { ++ confess(err("ARGNUM")) if ($#_!=1); ++ my $ops=join(',',@_[1..$#_]); ++ my $memn=(caller(1))[3]; ++ $memn=~s/^.*:://; ++ my ($opcode,$v1)=(shift,get_V(shift)); ++ ++ $out.="\t.word\t"; ++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf))).","; ++ $out.=sprintf("%#06x",0x0000).","; ++ $out.=sprintf("%#06x",(RXB(0,$v1)<<8|$opcode&0xff)); ++ $out.="\t# $memn\t$ops\n" ++} ++ ++sub VRRh { ++ confess(err("ARGNUM")) if ($#_<2||$#_>3); ++ my $ops=join(',',@_[1..$#_]); ++ my $memn=(caller(1))[3]; ++ $memn=~s/^.*:://; ++ my ($opcode,$v1,$v2,$m3)=(shift,get_V(shift),get_V(shift), ++ get_M(shift)); ++ ++ $out.="\t.word\t"; ++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf))).","; ++ $out.=sprintf("%#06x",(($v2&0xf)<<12|$m3<<4)).","; ++ $out.=sprintf("%#06x",(RXB(0,$v1,$v2)<<8|$opcode&0xff)); ++ $out.="\t# $memn\t$ops\n" ++} ++ ++sub VRRi { ++ confess(err("ARGNUM")) if ($#_!=3); ++ my $ops=join(',',@_[1..$#_]); ++ my $memn=(caller(1))[3]; ++ $memn=~s/^.*:://; ++ my ($opcode,$r1,$v2,$m3)=(shift,get_R(shift),get_V(shift), ++ get_M(shift)); ++ ++ $out.="\t.word\t"; ++ $out.=sprintf("%#06x",($opcode&0xff00|$r1<<4|($v2&0xf))).","; ++ 
$out.=sprintf("%#06x",($m3<<4))."\,"; ++ $out.=sprintf("%#06x",(RXB(0,$v2)<<8|$opcode&0xff)); ++ $out.="\t# $memn\t$ops\n" ++} ++ ++sub VRSa { ++ confess(err("ARGNUM")) if ($#_<3||$#_>4); ++ my $ops=join(',',@_[1..$#_]); ++ my $memn=(caller(1))[3]; ++ $memn=~s/^.*:://; ++ my ($opcode,$v1,$v3,$d2,$b2,$m4)=(shift,get_V(shift),get_V(shift), ++ get_DB(shift),get_M(shift)); ++ ++ $out.="\t.word\t"; ++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v3&0xf))).","; ++ $out.=sprintf("%#06x",($b2<<12|$d2)).","; ++ $out.=sprintf("%#06x",($m4<<12|RXB($v1,$v3)<<8|$opcode&0xff)); ++ $out.="\t# $memn\t$ops\n" ++} ++ ++sub VRSb { ++ confess(err("ARGNUM")) if ($#_<3||$#_>4); ++ my $ops=join(',',@_[1..$#_]); ++ my $memn=(caller(1))[3]; ++ $memn=~s/^.*:://; ++ my ($opcode,$v1,$r3,$d2,$b2,$m4)=(shift,get_V(shift),get_R(shift), ++ get_DB(shift),get_M(shift)); ++ ++ $out.="\t.word\t"; ++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|$r3)).","; ++ $out.=sprintf("%#06x",($b2<<12|$d2)).","; ++ $out.=sprintf("%#06x",($m4<<12|RXB($v1)<<8|$opcode&0xff)); ++ $out.="\t# $memn\t$ops\n" ++} ++ ++sub VRSc { ++ confess(err("ARGNUM")) if ($#_!=4); ++ my $ops=join(',',@_[1..$#_]); ++ my $memn=(caller(1))[3]; ++ $memn=~s/^.*:://; ++ my ($opcode,$r1,$v3,$d2,$b2,$m4)=(shift,get_R(shift),get_V(shift), ++ get_DB(shift),get_M(shift)); ++ ++ $out.="\t.word\t"; ++ $out.=sprintf("%#06x",($opcode&0xff00|$r1<<4|($v3&0xf))).","; ++ $out.=sprintf("%#06x",($b2<<12|$d2)).","; ++ $out.=sprintf("%#06x",($m4<<12|RXB(0,$v3)<<8|$opcode&0xff)); ++ $out.="\t# $memn\t$ops\n" ++} ++ ++sub VRSd { ++ confess(err("ARGNUM")) if ($#_!=3); ++ my $ops=join(',',@_[1..$#_]); ++ my $memn=(caller(1))[3]; ++ $memn=~s/^.*:://; ++ my ($opcode,$v1,$r3,$d2,$b2)=(shift,get_V(shift),get_R(shift), ++ get_DB(shift)); ++ ++ $out.="\t.word\t"; ++ $out.=sprintf("%#06x",($opcode&0xff00|$r3)).","; ++ $out.=sprintf("%#06x",($b2<<12|$d2)).","; ++ $out.=sprintf("%#06x",(($v1&0xf)<<12|RXB(0,0,0,$v1)<<8|$opcode&0xff)); ++ $out.="\t# 
$memn\t$ops\n" ++} ++ ++sub VRV { ++ confess(err("ARGNUM")) if ($#_<2||$#_>3); ++ my $ops=join(',',@_[1..$#_]); ++ my $memn=(caller(1))[3]; ++ $memn=~s/^.*:://; ++ my ($opcode,$v1,$d2,$v2,$b2,$m3)=(shift,get_V(shift),get_DVB(shift), ++ get_M(shift)); ++ ++ $out.="\t.word\t"; ++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).","; ++ $out.=sprintf("%#06x",($b2<<12|$d2)).","; ++ $out.=sprintf("%#06x",($m3<<12|RXB($v1,$v2)<<8|$opcode&0xff)); ++ $out.="\t# $memn\t$ops\n" ++} ++ ++sub VRX { ++ confess(err("ARGNUM")) if ($#_<2||$#_>3); ++ my $ops=join(',',@_[1..$#_]); ++ my $memn=(caller(1))[3]; ++ $memn=~s/^.*:://; ++ my ($opcode,$v1,$d2,$x2,$b2,$m3)=(shift,get_V(shift),get_DXB(shift), ++ get_M(shift)); ++ ++ $out.="\t.word\t"; ++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($x2))).","; ++ $out.=sprintf("%#06x",($b2<<12|$d2)).","; ++ $out.=sprintf("%#06x",($m3<<12|RXB($v1)<<8|$opcode&0xff)); ++ $out.="\t# $memn\t$ops\n" ++} ++ ++sub VSI { ++ confess(err("ARGNUM")) if ($#_!=3); ++ my $ops=join(',',@_[1..$#_]); ++ my $memn=(caller(1))[3]; ++ $memn=~s/^.*:://; ++ my ($opcode,$v1,$d2,$b2,$i3)=(shift,get_V(shift),get_DB(shift), ++ get_I(shift,8)); ++ ++ $out.="\t.word\t"; ++ $out.=sprintf("%#06x",($opcode&0xff00|$i3)).","; ++ $out.=sprintf("%#06x",($b2<<12|$d2)).","; ++ $out.=sprintf("%#06x",(($v1&0xf)<<12|RXB(0,0,0,$v1)<<8|$opcode&0xff)); ++ $out.="\t# $memn\t$ops\n" ++} ++ ++# ++# Internal ++# ++ ++sub get_R { ++ confess(err("ARGNUM")) if ($#_!=0); ++ my $r; ++ ++ for (shift) { ++ if (!defined) { ++ $r=0; ++ } elsif (/^$GR$/) { ++ $r=$1; ++ } else { ++ confess(err("PARSE")); ++ } ++ } ++ confess(err("ARGRANGE")) if ($r&~0xf); ++ ++ return $r; ++} ++ ++sub get_V { ++ confess(err("ARGNUM")) if ($#_!=0); ++ my $v; ++ ++ for (shift) { ++ if (!defined) { ++ $v=0; ++ } elsif (/^$VR$/) { ++ $v=$1; ++ } else { ++ confess(err("PARSE")); ++ } ++ } ++ confess(err("ARGRANGE")) if ($v&~0x1f); ++ ++ return $v; ++} ++ ++sub get_I { ++ confess(err("ARGNUM")) if 
($#_!=1); ++ my ($i,$bits)=(shift,shift); ++ ++ $i=defined($i)?(eval($i)):(0); ++ confess(err("PARSE")) if (!defined($i)); ++ confess(err("ARGRANGE")) if (abs($i)&~(2**$bits-1)); ++ ++ return $i&(2**$bits-1); ++} ++ ++sub get_M { ++ confess(err("ARGNUM")) if ($#_!=0); ++ my $m=shift; ++ ++ $m=defined($m)?(eval($m)):(0); ++ confess(err("PARSE")) if (!defined($m)); ++ confess(err("ARGRANGE")) if ($m&~0xf); ++ ++ return $m; ++} ++ ++sub get_DB ++{ ++ confess(err("ARGNUM")) if ($#_!=0); ++ my ($d,$b); ++ ++ for (shift) { ++ if (!defined) { ++ ($d,$b)=(0,0); ++ } elsif (/^(.+)\($GR\)$/) { ++ ($d,$b)=(eval($1),$2); ++ confess(err("PARSE")) if (!defined($d)); ++ } elsif (/^(.+)$/) { ++ ($d,$b)=(eval($1),0); ++ confess(err("PARSE")) if (!defined($d)); ++ } else { ++ confess(err("PARSE")); ++ } ++ } ++ confess(err("ARGRANGE")) if ($d&~0xfff||$b&~0xf); ++ ++ return ($d,$b); ++} ++ ++sub get_DVB ++{ ++ confess(err("ARGNUM")) if ($#_!=0); ++ my ($d,$v,$b); ++ ++ for (shift) { ++ if (!defined) { ++ ($d,$v,$b)=(0,0,0); ++ } elsif (/^(.+)\($VR,$GR\)$/) { ++ ($d,$v,$b)=(eval($1),$2,$3); ++ confess(err("PARSE")) if (!defined($d)); ++ } elsif (/^(.+)\($GR\)$/) { ++ ($d,$v,$b)=(eval($1),0,$2); ++ confess(err("PARSE")) if (!defined($d)); ++ } elsif (/^(.+)$/) { ++ ($d,$v,$b)=(eval($1),0,0); ++ confess(err("PARSE")) if (!defined($d)); ++ } else { ++ confess(err("PARSE")); ++ } ++ } ++ confess(err("ARGRANGE")) if ($d&~0xfff||$v&~0x1f||$b&~0xf); ++ ++ return ($d,$v,$b); ++} ++ ++sub get_DXB ++{ ++ confess(err("ARGNUM")) if ($#_!=0); ++ my ($d,$x,$b); ++ ++ for (shift) { ++ if (!defined) { ++ ($d,$x,$b)=(0,0,0); ++ } elsif (/^(.+)\($GR,$GR\)$/) { ++ ($d,$x,$b)=(eval($1),$2,$3); ++ confess(err("PARSE")) if (!defined($d)); ++ } elsif (/^(.+)\($GR\)$/) { ++ ($d,$x,$b)=(eval($1),0,$2); ++ confess(err("PARSE")) if (!defined($d)); ++ } elsif (/^(.+)$/) { ++ ($d,$x,$b)=(eval($1),0,0); ++ confess(err("PARSE")) if (!defined($d)); ++ } else { ++ confess(err("PARSE")); ++ } ++ } ++ 
confess(err("ARGRANGE")) if ($d&~0xfff||$x&~0xf||$b&~0xf); ++ ++ return ($d,$x,$b); ++} ++ ++sub RXB ++{ ++ confess(err("ARGNUM")) if ($#_<0||3<$#_); ++ my $rxb=0; ++ ++ $rxb|=0x08 if (defined($_[0])&&($_[0]&0x10)); ++ $rxb|=0x04 if (defined($_[1])&&($_[1]&0x10)); ++ $rxb|=0x02 if (defined($_[2])&&($_[2]&0x10)); ++ $rxb|=0x01 if (defined($_[3])&&($_[3]&0x10)); ++ ++ return $rxb; ++} ++ ++sub err { ++ my %ERR = ++ ( ++ ARGNUM => 'Wrong number of arguments', ++ ARGRANGE=> 'Argument out of range', ++ PARSE => 'Parse error', ++ ); ++ confess($ERR{ARGNUM}) if ($#_!=0); ++ ++ return $ERR{$_[0]}; ++} ++ ++1; +-- +2.25.1 + diff -Nru openssl-1.1.1l/debian/patches/0004-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch openssl-1.1.1l/debian/patches/0004-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch --- openssl-1.1.1l/debian/patches/0004-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-1.1.1l/debian/patches/0004-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch 2021-02-23 22:43:42.000000000 +0100 
@@ -0,0 +1,871 @@
+From bc0ae22ce415e0ac6fca460cbf29dedaf2a646bf Mon Sep 17 00:00:00 2001
+From: Patrick Steuer
+Date: Tue, 25 Feb 2020 17:04:56 +0000
+Subject: [PATCH 04/25] crypto/chacha/asm/chacha-s390x.pl: add vx code path.
+
+Signed-off-by: Patrick Steuer
+
+Reviewed-by: Tim Hudson
+Reviewed-by: Richard Levitte
+(Merged from https://github.com/openssl/openssl/pull/6919)
+
+(cherry picked from commit f760137b2144740916afd9ff381451fa16c710de)
+---
+ crypto/chacha/asm/chacha-s390x.pl | 814 ++++++++++++++++++++----------
+ 1 file changed, 556 insertions(+), 258 deletions(-)
+
+diff --git a/crypto/chacha/asm/chacha-s390x.pl b/crypto/chacha/asm/chacha-s390x.pl
+index dd66a9c603..895765e1c4 100755
+--- a/crypto/chacha/asm/chacha-s390x.pl
++++ b/crypto/chacha/asm/chacha-s390x.pl
+@@ -20,41 +20,46 @@
+ #
+ # 3 times faster than compiler-generated code.
+
+-$flavour = shift;
++#
++# August 2018
++#
++# Add vx code path.
++#
++# Copyright IBM Corp. 2018
++# Author: Patrick Steuer
+
++use strict;
++use FindBin qw($Bin);
++use lib "$Bin/../..";
++use perlasm::s390x qw(:DEFAULT :VX AUTOLOAD LABEL INCLUDE);
++
++my $flavour = shift;
++
++my ($z,$SIZE_T);
+ if ($flavour =~ /3[12]/) {
++ $z=0; # S/390 ABI
+ $SIZE_T=4;
+- $g="";
+ } else {
++ $z=1; # zSeries ABI
+ $SIZE_T=8;
+- $g="g";
+ }
+
++my $output;
+ while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+-open STDOUT,">$output";
+-
+-sub AUTOLOAD() # thunk [simplified] x86-style perlasm
+-{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
+- $code .= "\t$opcode\t".join(',',@_)."\n";
+-}
+
+ my $sp="%r15";
+-
+ my $stdframe=16*$SIZE_T+4*8;
+-my $frame=$stdframe+4*20;
+-
+-my ($out,$inp,$len,$key,$counter)=map("%r$_",(2..6));
+
+ my @x=map("%r$_",(0..7,"x","x","x","x",(10..13)));
+ my @t=map("%r$_",(8,9));
++my @v=map("%v$_",(16..31));
+
+ sub ROUND {
+ my ($a0,$b0,$c0,$d0)=@_;
+ my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
+ my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
+ my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
+-my ($xc,$xc_)=map("\"$_\"",@t);
+-my @x=map("\"$_\"",@x);
++my ($xc,$xc_)=map("$_",@t);
+
+ # Consider order in which variables are addressed by their
+ # index:
+@@ -78,249 +83,542 @@ my @x=map("\"$_\"",@x);
+ # 'c' stores and loads in the middle, but none in the beginning
+ # or end.
+
+- (
+- "&alr (@x[$a0],@x[$b0])", # Q1
+- "&alr (@x[$a1],@x[$b1])", # Q2
+- "&xr (@x[$d0],@x[$a0])",
+- "&xr (@x[$d1],@x[$a1])",
+- "&rll (@x[$d0],@x[$d0],16)",
+- "&rll (@x[$d1],@x[$d1],16)",
+-
+- "&alr ($xc,@x[$d0])",
+- "&alr ($xc_,@x[$d1])",
+- "&xr (@x[$b0],$xc)",
+- "&xr (@x[$b1],$xc_)",
+- "&rll (@x[$b0],@x[$b0],12)",
+- "&rll (@x[$b1],@x[$b1],12)",
+-
+- "&alr (@x[$a0],@x[$b0])",
+- "&alr (@x[$a1],@x[$b1])",
+- "&xr (@x[$d0],@x[$a0])",
+- "&xr (@x[$d1],@x[$a1])",
+- "&rll (@x[$d0],@x[$d0],8)",
+- "&rll (@x[$d1],@x[$d1],8)",
+-
+- "&alr ($xc,@x[$d0])",
+- "&alr ($xc_,@x[$d1])",
+- "&xr (@x[$b0],$xc)",
+- "&xr (@x[$b1],$xc_)",
+- "&rll (@x[$b0],@x[$b0],7)",
+- "&rll (@x[$b1],@x[$b1],7)",
+-
+- "&stm ($xc,$xc_,'$stdframe+4*8+4*$c0($sp)')", # reload pair of 'c's
+- "&lm ($xc,$xc_,'$stdframe+4*8+4*$c2($sp)')",
+-
+- "&alr (@x[$a2],@x[$b2])", # Q3
+- "&alr (@x[$a3],@x[$b3])", # Q4
+- "&xr (@x[$d2],@x[$a2])",
+- "&xr (@x[$d3],@x[$a3])",
+- "&rll (@x[$d2],@x[$d2],16)",
+- "&rll (@x[$d3],@x[$d3],16)",
+-
+- "&alr ($xc,@x[$d2])",
+- "&alr ($xc_,@x[$d3])",
+- "&xr (@x[$b2],$xc)",
+- "&xr (@x[$b3],$xc_)",
+- "&rll (@x[$b2],@x[$b2],12)",
+- "&rll (@x[$b3],@x[$b3],12)",
+-
+- "&alr (@x[$a2],@x[$b2])",
+- "&alr (@x[$a3],@x[$b3])",
+- "&xr (@x[$d2],@x[$a2])",
+- "&xr (@x[$d3],@x[$a3])",
+- "&rll (@x[$d2],@x[$d2],8)",
+- "&rll (@x[$d3],@x[$d3],8)",
+-
+- "&alr ($xc,@x[$d2])",
+- "&alr ($xc_,@x[$d3])",
+- "&xr (@x[$b2],$xc)",
+- "&xr (@x[$b3],$xc_)",
+- "&rll (@x[$b2],@x[$b2],7)",
+- "&rll (@x[$b3],@x[$b3],7)"
+- );
++ alr (@x[$a0],@x[$b0]); # Q1
++ alr (@x[$a1],@x[$b1]); # Q2
++ xr (@x[$d0],@x[$a0]);
++ xr (@x[$d1],@x[$a1]);
++ rll (@x[$d0],@x[$d0],16);
++ rll (@x[$d1],@x[$d1],16);
++
++ alr ($xc,@x[$d0]);
++ alr ($xc_,@x[$d1]);
++ xr (@x[$b0],$xc);
++ xr (@x[$b1],$xc_);
++ rll (@x[$b0],@x[$b0],12);
++ rll (@x[$b1],@x[$b1],12);
++
++ alr (@x[$a0],@x[$b0]);
++ alr (@x[$a1],@x[$b1]);
++ xr (@x[$d0],@x[$a0]);
++ xr (@x[$d1],@x[$a1]);
++ rll (@x[$d0],@x[$d0],8);
++ rll (@x[$d1],@x[$d1],8);
++
++ alr ($xc,@x[$d0]);
++ alr ($xc_,@x[$d1]);
++ xr (@x[$b0],$xc);
++ xr (@x[$b1],$xc_);
++ rll (@x[$b0],@x[$b0],7);
++ rll (@x[$b1],@x[$b1],7);
++
++ stm ($xc,$xc_,"$stdframe+4*8+4*$c0($sp)"); # reload pair of 'c's
++ lm ($xc,$xc_,"$stdframe+4*8+4*$c2($sp)");
++
++ alr (@x[$a2],@x[$b2]); # Q3
++ alr (@x[$a3],@x[$b3]); # Q4
++ xr (@x[$d2],@x[$a2]);
++ xr (@x[$d3],@x[$a3]);
++ rll (@x[$d2],@x[$d2],16);
++ rll (@x[$d3],@x[$d3],16);
++
++ alr ($xc,@x[$d2]);
++ alr ($xc_,@x[$d3]);
++ xr (@x[$b2],$xc);
++ xr (@x[$b3],$xc_);
++ rll (@x[$b2],@x[$b2],12);
++ rll (@x[$b3],@x[$b3],12);
++
++ alr (@x[$a2],@x[$b2]);
++ alr (@x[$a3],@x[$b3]);
++ xr (@x[$d2],@x[$a2]);
++ xr (@x[$d3],@x[$a3]);
++ rll (@x[$d2],@x[$d2],8);
++ rll (@x[$d3],@x[$d3],8);
++
++ alr ($xc,@x[$d2]);
++ alr ($xc_,@x[$d3]);
++ xr (@x[$b2],$xc);
++ xr (@x[$b3],$xc_);
++ rll (@x[$b2],@x[$b2],7);
++ rll (@x[$b3],@x[$b3],7);
++}
++
++sub VX_ROUND {
++my ($a0,$b0,$c0,$d0)=@_;
++my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
++my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
++my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
++
++ vaf (@v[$a0],@v[$a0],@v[$b0]);
++ vaf (@v[$a1],@v[$a1],@v[$b1]);
++ vaf (@v[$a2],@v[$a2],@v[$b2]);
++ vaf (@v[$a3],@v[$a3],@v[$b3]);
++ vx (@v[$d0],@v[$d0],@v[$a0]);
++ vx (@v[$d1],@v[$d1],@v[$a1]);
++ vx (@v[$d2],@v[$d2],@v[$a2]);
++ vx (@v[$d3],@v[$d3],@v[$a3]);
++ verllf (@v[$d0],@v[$d0],16);
++ verllf (@v[$d1],@v[$d1],16);
++ verllf (@v[$d2],@v[$d2],16);
++ verllf (@v[$d3],@v[$d3],16);
++
++ vaf (@v[$c0],@v[$c0],@v[$d0]);
++ vaf (@v[$c1],@v[$c1],@v[$d1]);
++ vaf (@v[$c2],@v[$c2],@v[$d2]);
++ vaf (@v[$c3],@v[$c3],@v[$d3]);
++ vx (@v[$b0],@v[$b0],@v[$c0]);
++ vx (@v[$b1],@v[$b1],@v[$c1]);
++ vx (@v[$b2],@v[$b2],@v[$c2]);
++ vx (@v[$b3],@v[$b3],@v[$c3]);
++ verllf (@v[$b0],@v[$b0],12);
++ verllf (@v[$b1],@v[$b1],12);
++ verllf (@v[$b2],@v[$b2],12);
++ verllf (@v[$b3],@v[$b3],12);
++
++ vaf (@v[$a0],@v[$a0],@v[$b0]);
++ vaf (@v[$a1],@v[$a1],@v[$b1]);
++ vaf (@v[$a2],@v[$a2],@v[$b2]);
++ vaf (@v[$a3],@v[$a3],@v[$b3]);
++ vx (@v[$d0],@v[$d0],@v[$a0]);
++ vx (@v[$d1],@v[$d1],@v[$a1]);
++ vx (@v[$d2],@v[$d2],@v[$a2]);
++ vx (@v[$d3],@v[$d3],@v[$a3]);
++ verllf (@v[$d0],@v[$d0],8);
++ verllf (@v[$d1],@v[$d1],8);
++ verllf (@v[$d2],@v[$d2],8);
++ verllf (@v[$d3],@v[$d3],8);
++
++ vaf (@v[$c0],@v[$c0],@v[$d0]);
++ vaf (@v[$c1],@v[$c1],@v[$d1]);
++ vaf (@v[$c2],@v[$c2],@v[$d2]);
++ vaf (@v[$c3],@v[$c3],@v[$d3]);
++ vx (@v[$b0],@v[$b0],@v[$c0]);
++ vx (@v[$b1],@v[$b1],@v[$c1]);
++ vx (@v[$b2],@v[$b2],@v[$c2]);
++ vx (@v[$b3],@v[$b3],@v[$c3]);
++ verllf (@v[$b0],@v[$b0],7);
++ verllf (@v[$b1],@v[$b1],7);
++ verllf (@v[$b2],@v[$b2],7);
++ verllf (@v[$b3],@v[$b3],7);
++}
++
++PERLASM_BEGIN($output);
++
++INCLUDE ("s390x_arch.h");
++TEXT ();
++
++################
++# void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, size_t len,
++# const unsigned int key[8], const unsigned int counter[4])
++{
++my ($out,$inp,$len,$key,$counter)=map("%r$_",(2..6));
++
++# VX CODE PATH
++{
++my $off=$z*8*16+8; # offset(initial state)
++my $frame=$stdframe+4*16+$off;
++
++GLOBL ("ChaCha20_ctr32");
++TYPE ("ChaCha20_ctr32","\@function");
++ALIGN (32);
++LABEL ("ChaCha20_ctr32");
++ larl ("%r1","OPENSSL_s390xcap_P");
++
++ lghi ("%r0",64);
++&{$z? \&cgr:\&cr} ($len,"%r0");
++ jle ("_s390x_chacha_novx");
++
++ lg ("%r0","S390X_STFLE+16(%r1)");
++ tmhh ("%r0",0x4000); # check for vector facility
++ jz ("_s390x_chacha_novx");
++
++if (!$z) {
++ llgfr ($len,$len);
++ std ("%f4","16*$SIZE_T+2*8($sp)");
++ std ("%f6","16*$SIZE_T+3*8($sp)");
+ }
++&{$z? \&stmg:\&stm} ("%r6","%r7","6*$SIZE_T($sp)");
++
++ lghi ("%r1",-$frame);
++ lgr ("%r0",$sp);
++ la ($sp,"0(%r1,$sp)"); # allocate stack frame
++
++ larl ("%r7",".Lsigma");
++&{$z? \&stg:\&st} ("%r0","0($sp)"); # backchain
++
++ vstm ("%v8","%v15","8($sp)") if ($z);
++
++ vlm ("%v1","%v2","0($key)"); # load key
++ vl ("%v0","0(%r7)"); # load sigma constant
++ vl ("%v3","0($counter)"); # load iv (counter||nonce)
++ l ("%r0","0($counter)"); # load counter
++ vstm ("%v0","%v3","$off($sp)"); # copy initial state to stack
++
++ srlg ("%r1",$len,8);
++ ltgr ("%r1","%r1");
++ jz (".Lvx_4x_done");
++
++ALIGN (16); # process 4 64-byte blocks
++LABEL (".Lvx_4x");
++ vlrepf ("%v$_",($_*4)."+$off($sp)") for (0..15); # load initial
++ # state
++ vl ("%v31","16(%r7)");
++ vaf ("%v12","%v12","%v31"); # increment counter
++
++ vlr (@v[$_],"%v$_") for (0..15); # copy initial state
++
++ lhi ("%r6",10);
++ j (".Loop_vx_4x");
++
++ALIGN (16);
++LABEL (".Loop_vx_4x");
++ VX_ROUND( 0, 4, 8,12); # column round
++ VX_ROUND( 0, 5,10,15); # diagonal round
++ brct ("%r6",".Loop_vx_4x");
++
++ vaf (@v[$_],@v[$_],"%v$_") for (0..15); # state += initial
++ # state (mod 32)
++ vlm ("%v6","%v7","32(%r7)"); # load vperm operands
++
++for (0..3) { # blocks 1,2
++ vmrhf ("%v0",@v[$_*4+0],@v[$_*4+1]); # ks = serialize(state)
++ vmrhf ("%v1",@v[$_*4+2],@v[$_*4+3]);
++ vperm ("%v".($_+ 8),"%v0","%v1","%v6");
++ vperm ("%v".($_+12),"%v0","%v1","%v7");
++}
++ vlm ("%v0","%v7","0($inp)"); # load in
++ vx ("%v$_","%v$_","%v".($_+8)) for (0..7); # out = in ^ ks
++ vstm ("%v0","%v7","0($out)"); # store out
++
++ vlm ("%v6","%v7","32(%r7)"); # restore vperm operands
++
++for (0..3) { # blocks 2,3
++ vmrlf ("%v0",@v[$_*4+0],@v[$_*4+1]); # ks = serialize(state)
++ vmrlf ("%v1",@v[$_*4+2],@v[$_*4+3]);
++ vperm ("%v".($_+ 8),"%v0","%v1","%v6");
++ vperm ("%v".($_+12),"%v0","%v1","%v7");
++}
++ vlm ("%v0","%v7","128($inp)"); # load in
++ vx ("%v$_","%v$_","%v".($_+8)) for (0..7); # out = in ^ ks
++ vstm ("%v0","%v7","128($out)"); # store out
++
++ ahi ("%r0",4);
++ st ("%r0","48+$off($sp)"); # update initial state
++
++ la ($inp,"256($inp)");
++ la ($out,"256($out)");
++ brctg ("%r1",".Lvx_4x");
++
++ALIGN (16);
++LABEL (".Lvx_4x_done");
++ lghi ("%r1",0xff);
++ ngr ($len,"%r1");
++ jnz (".Lvx_rem");
++
++ALIGN (16);
++LABEL (".Lvx_done");
++ vzero ("%v$_") for (16..31); # wipe ks and key copy
++ vstm ("%v16","%v17","16+$off($sp)");
++ vlm ("%v8","%v15","8($sp)") if ($z);
++
++ la ($sp,"$frame($sp)");
++&{$z? \&lmg:\&lm} ("%r6","%r7","6*$SIZE_T($sp)");
++
++if (!$z) {
++ ld ("%f4","16*$SIZE_T+2*8($sp)");
++ ld ("%f6","16*$SIZE_T+3*8($sp)");
++ vzero ("%v$_") for (8..15);
++}
++ br ("%r14");
++ALIGN (16);
++LABEL (".Lvx_rem");
++ lhi ("%r0",64);
++
++ sr ($len,"%r0");
++ brc (2,".Lvx_rem_g64"); # cc==2?
++
++ lghi ("%r1",-$stdframe);
++
++ la ($counter,"48+$off($sp)"); # load updated iv
++ ar ($len,"%r0"); # restore len
++
++ lgr ("%r7",$counter);
++&{$z? \&stg:\&st} ("%r14","14*$SIZE_T+$frame($sp)");
++ la ($sp,"0(%r1,$sp)");
++
++ bras ("%r14","_s390x_chacha_novx");
++
++ la ($sp,"$stdframe($sp)");
++&{$z? \&lg:\&l} ("%r14","14*$SIZE_T+$frame($sp)");
++ lgr ($counter,"%r7");
++ j (".Lvx_done");
++
++ALIGN (16);
++LABEL (".Lvx_rem_g64");
++ vlrepf ("%v$_",($_*4)."+$off($sp)") for (0..15); # load initial
++ # state
++ vl ("%v31","16(%r7)");
++ vaf ("%v12","%v12","%v31"); # increment counter
+
+-$code.=<<___;
+-.text
+-
+-.globl ChaCha20_ctr32
+-.type ChaCha20_ctr32,\@function
+-.align 32
+-ChaCha20_ctr32:
+- lt${g}r $len,$len # $len==0?
+- bzr %r14
+- a${g}hi $len,-64
+- l${g}hi %r1,-$frame
+- stm${g} %r6,%r15,`6*$SIZE_T`($sp)
+- sl${g}r $out,$inp # difference
+- la $len,0($inp,$len) # end of input minus 64
+- larl %r7,.Lsigma
+- lgr %r0,$sp
+- la $sp,0(%r1,$sp)
+- st${g} %r0,0($sp)
+-
+- lmg %r8,%r11,0($key) # load key
+- lmg %r12,%r13,0($counter) # load counter
+- lmg %r6,%r7,0(%r7) # load sigma constant
+-
+- la %r14,0($inp)
+- st${g} $out,$frame+3*$SIZE_T($sp)
+- st${g} $len,$frame+4*$SIZE_T($sp)
+- stmg %r6,%r13,$stdframe($sp) # copy key schedule to stack
+- srlg @x[12],%r12,32 # 32-bit counter value
+- j .Loop_outer
+-
+-.align 16
+-.Loop_outer:
+- lm @x[0],@x[7],$stdframe+4*0($sp) # load x[0]-x[7]
+- lm @t[0],@t[1],$stdframe+4*10($sp) # load x[10]-x[11]
+- lm @x[13],@x[15],$stdframe+4*13($sp) # load x[13]-x[15]
+- stm @t[0],@t[1],$stdframe+4*8+4*10($sp) # offload x[10]-x[11]
+- lm @t[0],@t[1],$stdframe+4*8($sp) # load x[8]-x[9]
+- st @x[12],$stdframe+4*12($sp) # save counter
+- st${g} %r14,$frame+2*$SIZE_T($sp) # save input pointer
+- lhi %r14,10
+- j .Loop
+-
+-.align 4
+-.Loop:
+-___
+- foreach (&ROUND(0, 4, 8,12)) { eval; }
+- foreach (&ROUND(0, 5,10,15)) { eval; }
+-$code.=<<___;
+- brct %r14,.Loop
+-
+- l${g} %r14,$frame+2*$SIZE_T($sp) # pull input pointer
+- stm @t[0],@t[1],$stdframe+4*8+4*8($sp) # offload x[8]-x[9]
+- lm${g} @t[0],@t[1],$frame+3*$SIZE_T($sp)
+-
+- al @x[0],$stdframe+4*0($sp) # accumulate key schedule
+- al @x[1],$stdframe+4*1($sp)
+- al @x[2],$stdframe+4*2($sp)
+- al @x[3],$stdframe+4*3($sp)
+- al @x[4],$stdframe+4*4($sp)
+- al @x[5],$stdframe+4*5($sp)
+- al @x[6],$stdframe+4*6($sp)
+- al @x[7],$stdframe+4*7($sp)
+- lrvr @x[0],@x[0]
+- lrvr @x[1],@x[1]
+- lrvr @x[2],@x[2]
+- lrvr @x[3],@x[3]
+- lrvr @x[4],@x[4]
+- lrvr @x[5],@x[5]
+- lrvr @x[6],@x[6]
+- lrvr @x[7],@x[7]
+- al @x[12],$stdframe+4*12($sp)
+- al @x[13],$stdframe+4*13($sp)
+- al @x[14],$stdframe+4*14($sp)
+- al @x[15],$stdframe+4*15($sp)
+- lrvr @x[12],@x[12]
+- lrvr @x[13],@x[13]
+- lrvr @x[14],@x[14]
+- lrvr @x[15],@x[15]
+-
+- la @t[0],0(@t[0],%r14) # reconstruct output pointer
+- cl${g}r %r14,@t[1]
+- jh .Ltail
+-
+- x @x[0],4*0(%r14) # xor with input
+- x @x[1],4*1(%r14)
+- st @x[0],4*0(@t[0]) # store output
+- x @x[2],4*2(%r14)
+- st @x[1],4*1(@t[0])
+- x @x[3],4*3(%r14)
+- st @x[2],4*2(@t[0])
+- x @x[4],4*4(%r14)
+- st @x[3],4*3(@t[0])
+- lm @x[0],@x[3],$stdframe+4*8+4*8($sp) # load x[8]-x[11]
+- x @x[5],4*5(%r14)
+- st @x[4],4*4(@t[0])
+- x @x[6],4*6(%r14)
+- al @x[0],$stdframe+4*8($sp)
+- st @x[5],4*5(@t[0])
+- x @x[7],4*7(%r14)
+- al @x[1],$stdframe+4*9($sp)
+- st @x[6],4*6(@t[0])
+- x @x[12],4*12(%r14)
+- al @x[2],$stdframe+4*10($sp)
+- st @x[7],4*7(@t[0])
+- x @x[13],4*13(%r14)
+- al @x[3],$stdframe+4*11($sp)
+- st @x[12],4*12(@t[0])
+- x @x[14],4*14(%r14)
+- st @x[13],4*13(@t[0])
+- x @x[15],4*15(%r14)
+- st @x[14],4*14(@t[0])
+- lrvr @x[0],@x[0]
+- st @x[15],4*15(@t[0])
+- lrvr @x[1],@x[1]
+- lrvr @x[2],@x[2]
+- lrvr @x[3],@x[3]
+- lhi @x[12],1
+- x @x[0],4*8(%r14)
+- al @x[12],$stdframe+4*12($sp) # increment counter
+- x @x[1],4*9(%r14)
+- st @x[0],4*8(@t[0])
+- x @x[2],4*10(%r14)
+- st @x[1],4*9(@t[0])
+- x @x[3],4*11(%r14)
+- st @x[2],4*10(@t[0])
+- st @x[3],4*11(@t[0])
+-
+- cl${g}r %r14,@t[1] # done yet?
+- la %r14,64(%r14)
+- jl .Loop_outer
+-
+-.Ldone:
+- xgr %r0,%r0
+- xgr %r1,%r1
+- xgr %r2,%r2
+- xgr %r3,%r3
+- stmg %r0,%r3,$stdframe+4*4($sp) # wipe key copy
+- stmg %r0,%r3,$stdframe+4*12($sp)
+-
+- lm${g} %r6,%r15,`$frame+6*$SIZE_T`($sp)
+- br %r14
+-
+-.align 16
+-.Ltail:
+- la @t[1],64($t[1])
+- stm @x[0],@x[7],$stdframe+4*0($sp)
+- sl${g}r @t[1],%r14
+- lm @x[0],@x[3],$stdframe+4*8+4*8($sp)
+- l${g}hi @x[6],0
+- stm @x[12],@x[15],$stdframe+4*12($sp)
+- al @x[0],$stdframe+4*8($sp)
+- al @x[1],$stdframe+4*9($sp)
+- al @x[2],$stdframe+4*10($sp)
+- al @x[3],$stdframe+4*11($sp)
+- lrvr @x[0],@x[0]
+- lrvr @x[1],@x[1]
+- lrvr @x[2],@x[2]
+- lrvr @x[3],@x[3]
+- stm @x[0],@x[3],$stdframe+4*8($sp)
+-
+-.Loop_tail:
+- llgc @x[4],0(@x[6],%r14)
+- llgc @x[5],$stdframe(@x[6],$sp)
+- xr @x[5],@x[4]
+- stc @x[5],0(@x[6],@t[0])
+- la @x[6],1(@x[6])
+- brct @t[1],.Loop_tail
+-
+- j .Ldone
+-.size ChaCha20_ctr32,.-ChaCha20_ctr32
+-
+-.align 32
+-.Lsigma:
+-.long 0x61707865,0x3320646e,0x79622d32,0x6b206574 # endian-neutral
+-.asciz "ChaCha20 for s390x, CRYPTOGAMS by "
+-.align 4
+-___
+-
+-foreach (split("\n",$code)) {
+- s/\`([^\`]*)\`/eval $1/ge;
+-
+- print $_,"\n";
++ vlr (@v[$_],"%v$_") for (0..15); # state = initial state
++
++ lhi ("%r6",10);
++ j (".Loop_vx_rem");
++
++ALIGN (16);
++LABEL (".Loop_vx_rem");
++ VX_ROUND( 0, 4, 8,12); # column round
++ VX_ROUND( 0, 5,10,15); # diagonal round
++ brct ("%r6",".Loop_vx_rem");
++
++ vaf (@v[$_],@v[$_],"%v$_") for (0..15); # state += initial
++ # state (mod 32)
++ vlm ("%v6","%v7","32(%r7)"); # load vperm operands
++
++for (0..3) { # blocks 1,2
++ vmrhf ("%v0",@v[$_*4+0],@v[$_*4+1]); # ks = serialize(state)
++ vmrhf ("%v1",@v[$_*4+2],@v[$_*4+3]);
++ vperm ("%v".($_+8),"%v0","%v1","%v6");
++ vperm ("%v".($_+12),"%v0","%v1","%v7");
++}
++ vlm ("%v0","%v3","0($inp)"); # load in
++ vx ("%v$_","%v$_","%v".($_+8)) for (0..3); # out = in ^ ks
++ vstm ("%v0","%v3","0($out)"); # store out
++
++ la ($inp,"64($inp)");
++ la ($out,"64($out)");
++
++ sr ($len,"%r0");
++ brc (4,".Lvx_tail"); # cc==4?
++
++ vlm ("%v0","%v3","0($inp)"); # load in
++ vx ("%v$_","%v$_","%v".($_+12)) for (0..3); # out = in ^ ks
++ vstm ("%v0","%v3","0($out)"); # store out
++ jz (".Lvx_done");
++
++for (0..3) { # blocks 3,4
++ vmrlf ("%v0",@v[$_*4+0],@v[$_*4+1]); # ks = serialize(state)
++ vmrlf ("%v1",@v[$_*4+2],@v[$_*4+3]);
++ vperm ("%v".($_+12),"%v0","%v1","%v6");
++ vperm ("%v".($_+8),"%v0","%v1","%v7");
++}
++ la ($inp,"64($inp)");
++ la ($out,"64($out)");
++
++ sr ($len,"%r0");
++ brc (4,".Lvx_tail"); # cc==4?
++
++ vlm ("%v0","%v3","0($inp)"); # load in
++ vx ("%v$_","%v$_","%v".($_+12)) for (0..3); # out = in ^ ks
++ vstm ("%v0","%v3","0($out)"); # store out
++ jz (".Lvx_done");
++
++ la ($inp,"64($inp)");
++ la ($out,"64($out)");
++
++ sr ($len,"%r0");
++ vlr ("%v".($_+4),"%v$_") for (8..11);
++ j (".Lvx_tail");
++
++ALIGN (16);
++LABEL (".Lvx_tail");
++ ar ($len,"%r0"); # restore $len
++ ahi ($len,-1);
++
++ lhi ("%r0",16);
++for (0..2) {
++ vll ("%v0",$len,($_*16)."($inp)");
++ vx ("%v0","%v0","%v".($_+12));
++ vstl ("%v0",$len,($_*16)."($out)");
++ sr ($len,"%r0");
++ brc (4,".Lvx_done"); # cc==4?
++}
++ vll ("%v0",$len,"3*16($inp)");
++ vx ("%v0","%v0","%v15");
++ vstl ("%v0",$len,"3*16($out)");
++ j (".Lvx_done");
++SIZE ("ChaCha20_ctr32",".-ChaCha20_ctr32");
++}
++
++# NOVX CODE PATH
++{
++my $frame=$stdframe+4*20;
++
++TYPE ("_s390x_chacha_novx","\@function");
++ALIGN (32);
++LABEL ("_s390x_chacha_novx");
++&{$z? \<gr:\<r} ($len,$len); # $len==0?
++ bzr ("%r14");
++&{$z? \&aghi:\&ahi} ($len,-64);
++&{$z? \&lghi:\&lhi} ("%r1",-$frame);
++&{$z? \&stmg:\&stm} ("%r6","%r15","6*$SIZE_T($sp)");
++&{$z? \&slgr:\&slr} ($out,$inp); # difference
++ la ($len,"0($inp,$len)"); # end of input minus 64
++ larl ("%r7",".Lsigma");
++ lgr ("%r0",$sp);
++ la ($sp,"0(%r1,$sp)");
++&{$z? \&stg:\&st} ("%r0","0($sp)");
++
++ lmg ("%r8","%r11","0($key)"); # load key
++ lmg ("%r12","%r13","0($counter)"); # load counter
++ lmg ("%r6","%r7","0(%r7)"); # load sigma constant
++
++ la ("%r14","0($inp)");
++&{$z? \&stg:\&st} ($out,"$frame+3*$SIZE_T($sp)");
++&{$z? \&stg:\&st} ($len,"$frame+4*$SIZE_T($sp)");
++ stmg ("%r6","%r13","$stdframe($sp)");# copy key schedule to stack
++ srlg (@x[12],"%r12",32); # 32-bit counter value
++ j (".Loop_outer");
++
++ALIGN (16);
++LABEL (".Loop_outer");
++ lm (@x[0],@x[7],"$stdframe+4*0($sp)"); # load x[0]-x[7]
++ lm (@t[0],@t[1],"$stdframe+4*10($sp)"); # load x[10]-x[11]
++ lm (@x[13],@x[15],"$stdframe+4*13($sp)"); # load x[13]-x[15]
++ stm (@t[0],@t[1],"$stdframe+4*8+4*10($sp)");# offload x[10]-x[11]
++ lm (@t[0],@t[1],"$stdframe+4*8($sp)"); # load x[8]-x[9]
++ st (@x[12],"$stdframe+4*12($sp)"); # save counter
++&{$z? \&stg:\&st} ("%r14","$frame+2*$SIZE_T($sp)");# save input pointer
++ lhi ("%r14",10);
++ j (".Loop");
++
++ALIGN (4);
++LABEL (".Loop");
++ ROUND (0, 4, 8,12);
++ ROUND (0, 5,10,15);
++ brct ("%r14",".Loop");
++
++&{$z? \&lg:\&l} ("%r14","$frame+2*$SIZE_T($sp)");# pull input pointer
++ stm (@t[0],@t[1],"$stdframe+4*8+4*8($sp)"); # offload x[8]-x[9]
++&{$z? \&lmg:\&lm} (@t[0],@t[1],"$frame+3*$SIZE_T($sp)");
++
++ al (@x[0],"$stdframe+4*0($sp)"); # accumulate key schedule
++ al (@x[1],"$stdframe+4*1($sp)");
++ al (@x[2],"$stdframe+4*2($sp)");
++ al (@x[3],"$stdframe+4*3($sp)");
++ al (@x[4],"$stdframe+4*4($sp)");
++ al (@x[5],"$stdframe+4*5($sp)");
++ al (@x[6],"$stdframe+4*6($sp)");
++ al (@x[7],"$stdframe+4*7($sp)");
++ lrvr (@x[0],@x[0]);
++ lrvr (@x[1],@x[1]);
++ lrvr (@x[2],@x[2]);
++ lrvr (@x[3],@x[3]);
++ lrvr (@x[4],@x[4]);
++ lrvr (@x[5],@x[5]);
++ lrvr (@x[6],@x[6]);
++ lrvr (@x[7],@x[7]);
++ al (@x[12],"$stdframe+4*12($sp)");
++ al (@x[13],"$stdframe+4*13($sp)");
++ al (@x[14],"$stdframe+4*14($sp)");
++ al (@x[15],"$stdframe+4*15($sp)");
++ lrvr (@x[12],@x[12]);
++ lrvr (@x[13],@x[13]);
++ lrvr (@x[14],@x[14]);
++ lrvr (@x[15],@x[15]);
++
++ la (@t[0],"0(@t[0],%r14)"); # reconstruct output pointer
++&{$z? \&clgr:\&clr} ("%r14",@t[1]);
++ jh (".Ltail");
++
++ x (@x[0],"4*0(%r14)"); # xor with input
++ x (@x[1],"4*1(%r14)");
++ st (@x[0],"4*0(@t[0])"); # store output
++ x (@x[2],"4*2(%r14)");
++ st (@x[1],"4*1(@t[0])");
++ x (@x[3],"4*3(%r14)");
++ st (@x[2],"4*2(@t[0])");
++ x (@x[4],"4*4(%r14)");
++ st (@x[3],"4*3(@t[0])");
++ lm (@x[0],@x[3],"$stdframe+4*8+4*8($sp)"); # load x[8]-x[11]
++ x (@x[5],"4*5(%r14)");
++ st (@x[4],"4*4(@t[0])");
++ x (@x[6],"4*6(%r14)");
++ al (@x[0],"$stdframe+4*8($sp)");
++ st (@x[5],"4*5(@t[0])");
++ x (@x[7],"4*7(%r14)");
++ al (@x[1],"$stdframe+4*9($sp)");
++ st (@x[6],"4*6(@t[0])");
++ x (@x[12],"4*12(%r14)");
++ al (@x[2],"$stdframe+4*10($sp)");
++ st (@x[7],"4*7(@t[0])");
++ x (@x[13],"4*13(%r14)");
++ al (@x[3],"$stdframe+4*11($sp)");
++ st (@x[12],"4*12(@t[0])");
++ x (@x[14],"4*14(%r14)");
++ st (@x[13],"4*13(@t[0])");
++ x (@x[15],"4*15(%r14)");
++ st (@x[14],"4*14(@t[0])");
++ lrvr (@x[0],@x[0]);
++ st (@x[15],"4*15(@t[0])");
++ lrvr (@x[1],@x[1]);
++ lrvr (@x[2],@x[2]);
++ lrvr (@x[3],@x[3]);
++ lhi (@x[12],1);
++ x (@x[0],"4*8(%r14)");
++ al
(@x[12],"$stdframe+4*12($sp)"); # increment counter ++ x (@x[1],"4*9(%r14)"); ++ st (@x[0],"4*8(@t[0])"); ++ x (@x[2],"4*10(%r14)"); ++ st (@x[1],"4*9(@t[0])"); ++ x (@x[3],"4*11(%r14)"); ++ st (@x[2],"4*10(@t[0])"); ++ st (@x[3],"4*11(@t[0])"); ++ ++&{$z? \&clgr:\&clr} ("%r14",@t[1]); # done yet? ++ la ("%r14","64(%r14)"); ++ jl (".Loop_outer"); ++ ++LABEL (".Ldone"); ++ xgr ("%r0","%r0"); ++ xgr ("%r1","%r1"); ++ xgr ("%r2","%r2"); ++ xgr ("%r3","%r3"); ++ stmg ("%r0","%r3","$stdframe+4*4($sp)"); # wipe key copy ++ stmg ("%r0","%r3","$stdframe+4*12($sp)"); ++ ++&{$z? \&lmg:\&lm} ("%r6","%r15","$frame+6*$SIZE_T($sp)"); ++ br ("%r14"); ++ ++ALIGN (16); ++LABEL (".Ltail"); ++ la (@t[1],"64($t[1])"); ++ stm (@x[0],@x[7],"$stdframe+4*0($sp)"); ++&{$z? \&slgr:\&slr} (@t[1],"%r14"); ++ lm (@x[0],@x[3],"$stdframe+4*8+4*8($sp)"); ++&{$z? \&lghi:\&lhi} (@x[6],0); ++ stm (@x[12],@x[15],"$stdframe+4*12($sp)"); ++ al (@x[0],"$stdframe+4*8($sp)"); ++ al (@x[1],"$stdframe+4*9($sp)"); ++ al (@x[2],"$stdframe+4*10($sp)"); ++ al (@x[3],"$stdframe+4*11($sp)"); ++ lrvr (@x[0],@x[0]); ++ lrvr (@x[1],@x[1]); ++ lrvr (@x[2],@x[2]); ++ lrvr (@x[3],@x[3]); ++ stm (@x[0],@x[3],"$stdframe+4*8($sp)"); ++ ++LABEL (".Loop_tail"); ++ llgc (@x[4],"0(@x[6],%r14)"); ++ llgc (@x[5],"$stdframe(@x[6],$sp)"); ++ xr (@x[5],@x[4]); ++ stc (@x[5],"0(@x[6],@t[0])"); ++ la (@x[6],"1(@x[6])"); ++ brct (@t[1],".Loop_tail"); ++ ++ j (".Ldone"); ++SIZE ("_s390x_chacha_novx",".-_s390x_chacha_novx"); ++} + } +-close STDOUT or die "error closing STDOUT: $!"; ++################ ++ ++ALIGN (64); ++LABEL (".Lsigma"); ++LONG (0x61707865,0x3320646e,0x79622d32,0x6b206574); # endian-neutral sigma ++LONG (0x00000000,0x00000001,0x00000002,0x00000003); # vaf counter increment ++LONG (0x03020100,0x07060504,0x13121110,0x17161514); # vperm serialization ++LONG (0x0b0a0908,0x0f0e0d0c,0x1b1a1918,0x1f1e1d1c); # vperm serialization ++ASCIZ ("\"ChaCha20 for s390x, CRYPTOGAMS by \""); ++ALIGN (4); ++ ++PERLASM_END(); +-- +2.25.1 + 
diff -Nru openssl-1.1.1l/debian/patches/0005-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch openssl-1.1.1l/debian/patches/0005-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch
--- openssl-1.1.1l/debian/patches/0005-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch 1970-01-01 01:00:00.000000000 +0100
+++ openssl-1.1.1l/debian/patches/0005-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch 2021-02-23 22:43:42.000000000 +0100
@@ -0,0 +1,1009 @@ +From 967df20c4ecc617946da7fde921d7ffd6a34d9a1 Mon Sep 17 00:00:00 2001 +From: Patrick Steuer +Date: Tue, 25 Feb 2020 17:06:24 +0000 +Subject: [PATCH 05/25] crypto/poly1305/asm/poly1305-s390x.pl: add vx code + path. + +Signed-off-by: Patrick Steuer + +Reviewed-by: Matt Caswell +Reviewed-by: Richard Levitte +(Merged from https://github.com/openssl/openssl/pull/7991) + +(cherry picked from commit d6f4b0a8bfbe901c72294d8923eb5b6f54ca7732) +--- + crypto/poly1305/asm/poly1305-s390x.pl | 944 +++++++++++++++++++++----- + 1 file changed, 780 insertions(+), 164 deletions(-) + +diff --git a/crypto/poly1305/asm/poly1305-s390x.pl b/crypto/poly1305/asm/poly1305-s390x.pl +index bcc8fd3b88..9a545a694e 100755 +--- a/crypto/poly1305/asm/poly1305-s390x.pl ++++ b/crypto/poly1305/asm/poly1305-s390x.pl +@@ -24,204 +24,820 @@ + # + # On side note, z13 enables vector base 2^26 implementation... + +-$flavour = shift; ++# ++# January 2019 ++# ++# Add vx code path (base 2^26). ++# ++# Copyright IBM Corp. 
2019 ++# Author: Patrick Steuer + ++use strict; ++use FindBin qw($Bin); ++use lib "$Bin/../.."; ++use perlasm::s390x qw(:DEFAULT :VX AUTOLOAD LABEL); ++ ++my $flavour = shift; ++ ++my ($z,$SIZE_T); + if ($flavour =~ /3[12]/) { ++ $z=0; # S/390 ABI + $SIZE_T=4; +- $g=""; + } else { ++ $z=1; # zSeries ABI + $SIZE_T=8; +- $g="g"; + } + ++my $output; + while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} +-open STDOUT,">$output"; + +-$sp="%r15"; ++my $sp="%r15"; ++ ++# novx code path ctx layout ++# --------------------------------- ++# var value base off ++# --------------------------------- ++# u64 h[3] hash 2^64 0 ++# u32 pad[2] ++# u64 r[2] key 2^64 32 ++ ++# vx code path ctx layout ++# --------------------------------- ++# var value base off ++# --------------------------------- ++# u32 acc1[5] r^2-acc 2^26 0 ++# u32 pad ++# u32 acc2[5] r-acc 2^26 24 ++# u32 pad ++# u32 r1[5] r 2^26 48 ++# u32 r15[5] 5*r 2^26 68 ++# u32 r2[5] r^2 2^26 88 ++# u32 r25[5] 5*r^2 2^26 108 ++# u32 r4[5] r^4 2^26 128 ++# u32 r45[5] 5*r^4 2^26 148 ++ ++PERLASM_BEGIN($output); ++ ++TEXT (); ++ ++################ ++# static void poly1305_init(void *ctx, const unsigned char key[16]) ++{ ++my ($ctx,$key)=map("%r$_",(2..3)); ++my ($r0,$r1,$r2)=map("%r$_",(9,11,13)); + +-my ($ctx,$inp,$len,$padbit) = map("%r$_",(2..5)); ++sub MUL_RKEY { # r*=key ++my ($d0hi,$d0lo,$d1hi,$d1lo)=map("%r$_",(4..7)); ++my ($t0,$t1,$s1)=map("%r$_",(8,10,12)); ++ ++ lg ("%r0","32($ctx)"); ++ lg ("%r1","40($ctx)"); ++ ++ srlg ($s1,"%r1",2); ++ algr ($s1,"%r1"); ++ ++ lgr ($d0lo,$r0); ++ lgr ($d1lo,$r1); ++ ++ mlgr ($d0hi,"%r0"); ++ lgr ($r1,$d1lo); ++ mlgr ($d1hi,$s1); ++ ++ mlgr ($t0,"%r1"); ++ mlgr ($t1,"%r0"); ++ ++ algr ($d0lo,$d1lo); ++ lgr ($d1lo,$r2); ++ alcgr ($d0hi,$d1hi); ++ lghi ($d1hi,0); ++ ++ algr ($r1,$r0); ++ alcgr ($t1,$t0); ++ ++ msgr ($d1lo,$s1); ++ msgr ($r2,"%r0"); ++ ++ algr ($r1,$d1lo); ++ alcgr ($t1,$d1hi); ++ ++ algr ($r1,$d0hi); ++ alcgr ($r2,$t1); ++ ++ lghi ($r0,-4); ++ ngr ($r0,$r2); 
++ srlg ($t0,$r2,2); ++ algr ($r0,$t0); ++ lghi ($t1,3); ++ ngr ($r2,$t1); ++ ++ algr ($r0,$d0lo); ++ alcgr ($r1,$d1hi); ++ alcgr ($r2,$d1hi); ++} ++ ++sub ST_R5R { # store r,5*r -> base 2^26 ++my @d=map("%r$_",(4..8)); ++my @off=@_; ++ ++ lgr (@d[2],$r0); ++ lr ("%r1",@d[2]); ++ nilh ("%r1",1023); ++ lgr (@d[3],$r1); ++ lr (@d[0],"%r1"); ++ srlg ("%r1",@d[2],52); ++ lgr (@d[4],$r2); ++ srlg ("%r0",@d[2],26); ++ sll (@d[4],24); ++ lr (@d[2],@d[3]); ++ nilh ("%r0",1023); ++ sll (@d[2],12); ++ lr (@d[1],"%r0"); ++ &or (@d[2],"%r1"); ++ srlg ("%r1",@d[3],40); ++ nilh (@d[2],1023); ++ &or (@d[4],"%r1"); ++ srlg (@d[3],@d[3],14); ++ nilh (@d[4],1023); ++ nilh (@d[3],1023); ++ ++ stm (@d[0],@d[4],"@off[0]($ctx)"); ++ mhi (@d[$_],5) for (0..4); ++ stm (@d[0],@d[4],"@off[1]($ctx)"); ++} + +-$code.=<<___; +-.text +- +-.globl poly1305_init +-.type poly1305_init,\@function +-.align 16 +-poly1305_init: +- lghi %r0,0 +- lghi %r1,-1 +- stg %r0,0($ctx) # zero hash value +- stg %r0,8($ctx) +- stg %r0,16($ctx) +- +- cl${g}r $inp,%r0 +- je .Lno_key +- +- lrvg %r4,0($inp) # load little-endian key +- lrvg %r5,8($inp) +- +- nihl %r1,0xffc0 # 0xffffffc0ffffffff +- srlg %r0,%r1,4 # 0x0ffffffc0fffffff +- srlg %r1,%r1,4 +- nill %r1,0xfffc # 0x0ffffffc0ffffffc +- +- ngr %r4,%r0 +- ngr %r5,%r1 +- +- stg %r4,32($ctx) +- stg %r5,40($ctx) +- +-.Lno_key: +- lghi %r2,0 +- br %r14 +-.size poly1305_init,.-poly1305_init +-___ ++GLOBL ("poly1305_init"); ++TYPE ("poly1305_init","\@function"); ++ALIGN (16); ++LABEL ("poly1305_init"); ++ lghi ("%r0",0); ++ lghi ("%r1",-1); ++ stg ("%r0","0($ctx)"); # zero hash value / acc1 ++ stg ("%r0","8($ctx)"); ++ stg ("%r0","16($ctx)"); ++ ++&{$z? 
\&clgr:\&clr} ($key,"%r0"); ++ je (".Ldone"); ++ ++ lrvg ("%r4","0($key)"); # load little-endian key ++ lrvg ("%r5","8($key)"); ++ ++ nihl ("%r1",0xffc0); # 0xffffffc0ffffffff ++ srlg ("%r0","%r1",4); # 0x0ffffffc0fffffff ++ srlg ("%r1","%r1",4); ++ nill ("%r1",0xfffc); # 0x0ffffffc0ffffffc ++ ++ ngr ("%r4","%r0"); ++ ngr ("%r5","%r1"); ++ ++ stg ("%r4","32($ctx)"); ++ stg ("%r5","40($ctx)"); ++ ++ larl ("%r1","OPENSSL_s390xcap_P"); ++ lg ("%r0","16(%r1)"); ++ tmhh ("%r0",0x4000); # check for vector facility ++ jz (".Ldone"); ++ ++ larl ("%r4","poly1305_blocks_vx"); ++ larl ("%r5","poly1305_emit_vx"); ++ ++&{$z? \&stmg:\&stm} ("%r6","%r13","6*$SIZE_T($sp)"); ++&{$z? \&stmg:\&stm} ("%r4","%r5","4*$z+228($ctx)"); ++ ++ lg ($r0,"32($ctx)"); ++ lg ($r1,"40($ctx)"); ++ lghi ($r2,0); ++ ++ ST_R5R (48,68); # store r,5*r ++ ++ MUL_RKEY(); ++ ST_R5R (88,108); # store r^2,5*r^2 ++ ++ MUL_RKEY(); ++ MUL_RKEY(); ++ ST_R5R (128,148); # store r^4,5*r^4 ++ ++ lghi ("%r0",0); ++ stg ("%r0","24($ctx)"); # zero acc2 ++ stg ("%r0","32($ctx)"); ++ stg ("%r0","40($ctx)"); ++ ++&{$z? 
\&lmg:\&lm} ("%r6","%r13","6*$SIZE_T($sp)"); ++ lghi ("%r2",1); ++ br ("%r14"); ++ ++LABEL (".Ldone"); ++ lghi ("%r2",0); ++ br ("%r14"); ++SIZE ("poly1305_init",".-poly1305_init"); ++} ++ ++# VX CODE PATH + { +-my ($d0hi,$d0lo,$d1hi,$d1lo,$t0,$h0,$t1,$h1,$h2) = map("%r$_",(6..14)); +-my ($r0,$r1,$s1) = map("%r$_",(0..2)); ++my $frame=8*16; ++my @m01=map("%v$_",(0..4)); ++my @m23=map("%v$_",(5..9)); ++my @tmp=@m23; ++my @acc=map("%v$_",(10..14)); ++my @r=map("%v$_",(15..19)); ++my @r5=map("%v$_",(20..24)); ++my $padvec="%v26"; ++my $mask4="%v27"; ++my @vperm=map("%v$_",(28..30)); ++my $mask="%v31"; ++ ++sub REDUCE { ++ vesrlg (@tmp[0],@acc[0],26); ++ vesrlg (@tmp[3],@acc[3],26); ++ vn (@acc[0],@acc[0],$mask); ++ vn (@acc[3],@acc[3],$mask); ++ vag (@acc[1],@acc[1],@tmp[0]); # carry 0->1 ++ vag (@acc[4],@acc[4],@tmp[3]); # carry 3->4 ++ ++ vesrlg (@tmp[1],@acc[1],26); ++ vesrlg (@tmp[4],@acc[4],26); ++ vn (@acc[1],@acc[1],$mask); ++ vn (@acc[4],@acc[4],$mask); ++ veslg (@tmp[0],@tmp[4],2); ++ vag (@tmp[4],@tmp[4],@tmp[0]); # h[4]*=5 ++ vag (@acc[2],@acc[2],@tmp[1]); # carry 1->2 ++ vag (@acc[0],@acc[0],@tmp[4]); # carry 4->0 ++ ++ vesrlg (@tmp[2],@acc[2],26); ++ vesrlg (@tmp[0],@acc[0],26); ++ vn (@acc[2],@acc[2],$mask); ++ vn (@acc[0],@acc[0],$mask); ++ vag (@acc[3],@acc[3],@tmp[2]); # carry 2->3 ++ vag (@acc[1],@acc[1],@tmp[0]); # carry 0->1 ++ ++ vesrlg (@tmp[3],@acc[3],26); ++ vn (@acc[3],@acc[3],$mask); ++ vag (@acc[4],@acc[4],@tmp[3]); # carry 3->4 ++} + +-$code.=<<___; +-.globl poly1305_blocks +-.type poly1305_blocks,\@function +-.align 16 +-poly1305_blocks: +- srl${g} $len,4 # fixed-up in 64-bit build +- lghi %r0,0 +- cl${g}r $len,%r0 +- je .Lno_data ++################ ++# static void poly1305_blocks_vx(void *ctx, const unsigned char *inp, ++# size_t len, u32 padbit) ++{ ++my ($ctx,$inp,$len) = map("%r$_",(2..4)); ++my $padbit="%r0"; ++ ++GLOBL ("poly1305_blocks_vx"); ++TYPE ("poly1305_blocks_vx","\@function"); ++ALIGN (16); ++LABEL ("poly1305_blocks_vx"); 
++if ($z) { ++ aghi ($sp,-$frame); ++ vstm ("%v8","%v15","0($sp)"); ++} else { ++ std ("%f4","16*$SIZE_T+2*8($sp)"); ++ std ("%f6","16*$SIZE_T+3*8($sp)"); ++ llgfr ($len,$len); ++} ++ llgfr ($padbit,"%r5"); ++ vlef (@acc[$_],"4*$_($ctx)",1) for (0..4); # load acc1 ++ larl ("%r5",".Lconst"); ++ vlef (@acc[$_],"24+4*$_($ctx)",3) for (0..4); # load acc2 ++ sllg ($padbit,$padbit,24); ++ vlm (@vperm[0],$mask,"0(%r5)"); # load vperm ops, mask ++ vgbm ($mask4,0x0707); ++ vlvgp ($padvec,$padbit,$padbit); ++ ++ srlg ("%r1",$len,6); ++ ltgr ("%r1","%r1"); ++ jz (".Lvx_4x_done"); ++ ++ALIGN (16); ++LABEL (".Lvx_4x"); ++ vlm ("%v20","%v23","0($inp)"); # load m0,m1,m2,m3 ++ ++ # m01,m23 -> base 2^26 ++ ++ vperm (@m01[0],"%v20","%v21",@vperm[0]); ++ vperm (@m23[0],"%v22","%v23",@vperm[0]); ++ vperm (@m01[2],"%v20","%v21",@vperm[1]); ++ vperm (@m23[2],"%v22","%v23",@vperm[1]); ++ vperm (@m01[4],"%v20","%v21",@vperm[2]); ++ vperm (@m23[4],"%v22","%v23",@vperm[2]); ++ ++ vesrlg (@m01[1],@m01[0],26); ++ vesrlg (@m23[1],@m23[0],26); ++ vesrlg (@m01[3],@m01[2],30); ++ vesrlg (@m23[3],@m23[2],30); ++ vesrlg (@m01[2],@m01[2],4); ++ vesrlg (@m23[2],@m23[2],4); ++ ++ vn (@m01[4],@m01[4],$mask4); ++ vn (@m23[4],@m23[4],$mask4); ++for (0..3) { ++ vn (@m01[$_],@m01[$_],$mask); ++ vn (@m23[$_],@m23[$_],$mask); ++} ++ vaf (@m01[4],@m01[4],$padvec); # pad m01 ++ vaf (@m23[4],@m23[4],$padvec); # pad m23 ++ ++ # acc = acc * r^4 + m01 * r^2 + m23 ++ ++ vlrepf (@r5[$_],"4*$_+108($ctx)") for (0..4); # load 5*r^2 ++ vlrepf (@r[$_],"4*$_+88($ctx)") for (0..4); # load r^2 ++ ++ vmalof (@tmp[0],@m01[4],@r5[1],@m23[0]); ++ vmalof (@tmp[1],@m01[4],@r5[2],@m23[1]); ++ vmalof (@tmp[2],@m01[4],@r5[3],@m23[2]); ++ vmalof (@tmp[3],@m01[4],@r5[4],@m23[3]); ++ vmalof (@tmp[4],@m01[4],@r[0],@m23[4]); ++ ++ vmalof (@tmp[0],@m01[3],@r5[2],@tmp[0]); ++ vmalof (@tmp[1],@m01[3],@r5[3],@tmp[1]); ++ vmalof (@tmp[2],@m01[3],@r5[4],@tmp[2]); ++ vmalof (@tmp[3],@m01[3],@r[0],@tmp[3]); ++ vmalof 
(@tmp[4],@m01[3],@r[1],@tmp[4]); ++ ++ vmalof (@tmp[0],@m01[2],@r5[3],@tmp[0]); ++ vmalof (@tmp[1],@m01[2],@r5[4],@tmp[1]); ++ vmalof (@tmp[2],@m01[2],@r[0],@tmp[2]); ++ vmalof (@tmp[3],@m01[2],@r[1],@tmp[3]); ++ vmalof (@tmp[4],@m01[2],@r[2],@tmp[4]); ++ ++ vmalof (@tmp[0],@m01[1],@r5[4],@tmp[0]); ++ vmalof (@tmp[1],@m01[1],@r[0],@tmp[1]); ++ vmalof (@tmp[2],@m01[1],@r[1],@tmp[2]); ++ vmalof (@tmp[3],@m01[1],@r[2],@tmp[3]); ++ vmalof (@tmp[4],@m01[1],@r[3],@tmp[4]); ++ ++ vmalof (@tmp[0],@m01[0],@r[0],@tmp[0]); ++ vmalof (@tmp[1],@m01[0],@r[1],@tmp[1]); ++ vmalof (@tmp[2],@m01[0],@r[2],@tmp[2]); ++ vmalof (@tmp[3],@m01[0],@r[3],@tmp[3]); ++ vmalof (@tmp[4],@m01[0],@r[4],@tmp[4]); ++ ++ vlrepf (@r5[$_],"4*$_+148($ctx)") for (0..4); # load 5*r^4 ++ vlrepf (@r[$_],"4*$_+128($ctx)") for (0..4); # load r^4 ++ ++ vmalof (@tmp[0],@acc[4],@r5[1],@tmp[0]); ++ vmalof (@tmp[1],@acc[4],@r5[2],@tmp[1]); ++ vmalof (@tmp[2],@acc[4],@r5[3],@tmp[2]); ++ vmalof (@tmp[3],@acc[4],@r5[4],@tmp[3]); ++ vmalof (@tmp[4],@acc[4],@r[0],@tmp[4]); ++ ++ vmalof (@tmp[0],@acc[3],@r5[2],@tmp[0]); ++ vmalof (@tmp[1],@acc[3],@r5[3],@tmp[1]); ++ vmalof (@tmp[2],@acc[3],@r5[4],@tmp[2]); ++ vmalof (@tmp[3],@acc[3],@r[0],@tmp[3]); ++ vmalof (@tmp[4],@acc[3],@r[1],@tmp[4]); ++ ++ vmalof (@tmp[0],@acc[2],@r5[3],@tmp[0]); ++ vmalof (@tmp[1],@acc[2],@r5[4],@tmp[1]); ++ vmalof (@tmp[2],@acc[2],@r[0],@tmp[2]); ++ vmalof (@tmp[3],@acc[2],@r[1],@tmp[3]); ++ vmalof (@tmp[4],@acc[2],@r[2],@tmp[4]); ++ ++ vmalof (@tmp[0],@acc[1],@r5[4],@tmp[0]); ++ vmalof (@tmp[1],@acc[1],@r[0],@tmp[1]); ++ vmalof (@tmp[2],@acc[1],@r[1],@tmp[2]); ++ vmalof (@tmp[3],@acc[1],@r[2],@tmp[3]); ++ vmalof (@tmp[4],@acc[1],@r[3],@tmp[4]); ++ ++ vmalof (@acc[1],@acc[0],@r[1],@tmp[1]); ++ vmalof (@acc[2],@acc[0],@r[2],@tmp[2]); ++ vmalof (@acc[3],@acc[0],@r[3],@tmp[3]); ++ vmalof (@acc[4],@acc[0],@r[4],@tmp[4]); ++ vmalof (@acc[0],@acc[0],@r[0],@tmp[0]); ++ ++ REDUCE (); ++ ++ la ($inp,"64($inp)"); ++ brctg ("%r1",".Lvx_4x"); ++ ++ALIGN 
(16); ++LABEL (".Lvx_4x_done"); ++ tml ($len,32); ++ jz (".Lvx_2x_done"); ++ ++ vlm ("%v20","%v21","0($inp)"); # load m0,m1 ++ ++ # m01 -> base 2^26 ++ ++ vperm (@m01[0],"%v20","%v21",@vperm[0]); ++ vperm (@m01[2],"%v20","%v21",@vperm[1]); ++ vperm (@m01[4],"%v20","%v21",@vperm[2]); ++ ++ vesrlg (@m01[1],@m01[0],26); ++ vesrlg (@m01[3],@m01[2],30); ++ vesrlg (@m01[2],@m01[2],4); ++ ++ vn (@m01[4],@m01[4],$mask4); ++ vn (@m01[$_],@m01[$_],$mask) for (0..3); ++ ++ vaf (@m01[4],@m01[4],$padvec); # pad m01 ++ ++ # acc = acc * r^2+ m01 ++ ++ vlrepf (@r5[$_],"4*$_+108($ctx)") for (0..4); # load 5*r^2 ++ vlrepf (@r[$_],"4*$_+88($ctx)") for (0..4); # load r^2 ++ ++ vmalof (@tmp[0],@acc[4],@r5[1],@m01[0]); ++ vmalof (@tmp[1],@acc[4],@r5[2],@m01[1]); ++ vmalof (@tmp[2],@acc[4],@r5[3],@m01[2]); ++ vmalof (@tmp[3],@acc[4],@r5[4],@m01[3]); ++ vmalof (@tmp[4],@acc[4],@r[0],@m01[4]); ++ ++ vmalof (@tmp[0],@acc[3],@r5[2],@tmp[0]); ++ vmalof (@tmp[1],@acc[3],@r5[3],@tmp[1]); ++ vmalof (@tmp[2],@acc[3],@r5[4],@tmp[2]); ++ vmalof (@tmp[3],@acc[3],@r[0],@tmp[3]); ++ vmalof (@tmp[4],@acc[3],@r[1],@tmp[4]); ++ ++ vmalof (@tmp[0],@acc[2],@r5[3],@tmp[0]); ++ vmalof (@tmp[1],@acc[2],@r5[4],@tmp[1]); ++ vmalof (@tmp[2],@acc[2],@r[0],@tmp[2]); ++ vmalof (@tmp[3],@acc[2],@r[1],@tmp[3]); ++ vmalof (@tmp[4],@acc[2],@r[2],@tmp[4]); ++ ++ vmalof (@tmp[0],@acc[1],@r5[4],@tmp[0]); ++ vmalof (@tmp[1],@acc[1],@r[0],@tmp[1]); ++ vmalof (@tmp[2],@acc[1],@r[1],@tmp[2]); ++ vmalof (@tmp[3],@acc[1],@r[2],@tmp[3]); ++ vmalof (@tmp[4],@acc[1],@r[3],@tmp[4]); ++ ++ vmalof (@acc[1],@acc[0],@r[1],@tmp[1]); ++ vmalof (@acc[2],@acc[0],@r[2],@tmp[2]); ++ vmalof (@acc[3],@acc[0],@r[3],@tmp[3]); ++ vmalof (@acc[4],@acc[0],@r[4],@tmp[4]); ++ vmalof (@acc[0],@acc[0],@r[0],@tmp[0]); ++ ++ REDUCE (); ++ ++ la ($inp,"32($inp)"); ++ ++ALIGN (16); ++LABEL (".Lvx_2x_done"); ++ tml ($len,16); ++ jz (".Lvx_done"); ++ ++ vleig ($padvec,0,0); ++ ++ vzero ("%v20"); ++ vl ("%v21","0($inp)"); # load m0 ++ ++ # m0 -> base 2^26 ++ 
++ vperm (@m01[0],"%v20","%v21",@vperm[0]); ++ vperm (@m01[2],"%v20","%v21",@vperm[1]); ++ vperm (@m01[4],"%v20","%v21",@vperm[2]); ++ ++ vesrlg (@m01[1],@m01[0],26); ++ vesrlg (@m01[3],@m01[2],30); ++ vesrlg (@m01[2],@m01[2],4); ++ ++ vn (@m01[4],@m01[4],$mask4); ++ vn (@m01[$_],@m01[$_],$mask) for (0..3); ++ ++ vaf (@m01[4],@m01[4],$padvec); # pad m0 ++ ++ # acc = acc * r + m01 ++ ++ vlrepf (@r5[$_],"4*$_+68($ctx)") for (0..4); # load 5*r ++ vlrepf (@r[$_],"4*$_+48($ctx)") for (0..4); # load r ++ ++ vmalof (@tmp[0],@acc[4],@r5[1],@m01[0]); ++ vmalof (@tmp[1],@acc[4],@r5[2],@m01[1]); ++ vmalof (@tmp[2],@acc[4],@r5[3],@m01[2]); ++ vmalof (@tmp[3],@acc[4],@r5[4],@m01[3]); ++ vmalof (@tmp[4],@acc[4],@r[0],@m01[4]); ++ ++ vmalof (@tmp[0],@acc[3],@r5[2],@tmp[0]); ++ vmalof (@tmp[1],@acc[3],@r5[3],@tmp[1]); ++ vmalof (@tmp[2],@acc[3],@r5[4],@tmp[2]); ++ vmalof (@tmp[3],@acc[3],@r[0],@tmp[3]); ++ vmalof (@tmp[4],@acc[3],@r[1],@tmp[4]); ++ ++ vmalof (@tmp[0],@acc[2],@r5[3],@tmp[0]); ++ vmalof (@tmp[1],@acc[2],@r5[4],@tmp[1]); ++ vmalof (@tmp[2],@acc[2],@r[0],@tmp[2]); ++ vmalof (@tmp[3],@acc[2],@r[1],@tmp[3]); ++ vmalof (@tmp[4],@acc[2],@r[2],@tmp[4]); ++ ++ vmalof (@tmp[0],@acc[1],@r5[4],@tmp[0]); ++ vmalof (@tmp[1],@acc[1],@r[0],@tmp[1]); ++ vmalof (@tmp[2],@acc[1],@r[1],@tmp[2]); ++ vmalof (@tmp[3],@acc[1],@r[2],@tmp[3]); ++ vmalof (@tmp[4],@acc[1],@r[3],@tmp[4]); ++ ++ vmalof (@acc[1],@acc[0],@r[1],@tmp[1]); ++ vmalof (@acc[2],@acc[0],@r[2],@tmp[2]); ++ vmalof (@acc[3],@acc[0],@r[3],@tmp[3]); ++ vmalof (@acc[4],@acc[0],@r[4],@tmp[4]); ++ vmalof (@acc[0],@acc[0],@r[0],@tmp[0]); ++ ++ REDUCE (); ++ ++ALIGN (16); ++LABEL (".Lvx_done"); ++ vstef (@acc[$_],"4*$_($ctx)",1) for (0..4); # store acc ++ vstef (@acc[$_],"24+4*$_($ctx)",3) for (0..4); ++ ++if ($z) { ++ vlm ("%v8","%v15","0($sp)"); ++ la ($sp,"$frame($sp)"); ++} else { ++ ld ("%f4","16*$SIZE_T+2*8($sp)"); ++ ld ("%f6","16*$SIZE_T+3*8($sp)"); ++} ++ br ("%r14"); ++SIZE ("poly1305_blocks_vx",".-poly1305_blocks_vx"); 
++} + +- stm${g} %r6,%r14,`6*$SIZE_T`($sp) ++################ ++# static void poly1305_emit_vx(void *ctx, unsigned char mac[16], ++# const u32 nonce[4]) ++{ ++my ($ctx,$mac,$nonce) = map("%r$_",(2..4)); ++ ++GLOBL ("poly1305_emit_vx"); ++TYPE ("poly1305_emit_vx","\@function"); ++ALIGN (16); ++LABEL ("poly1305_emit_vx"); ++if ($z) { ++ aghi ($sp,-$frame); ++ vstm ("%v8","%v15","0($sp)"); ++} else { ++ std ("%f4","16*$SIZE_T+2*8($sp)"); ++ std ("%f6","16*$SIZE_T+3*8($sp)"); ++} ++ larl ("%r5",".Lconst"); + +- llgfr $padbit,$padbit # clear upper half, much needed with ++ vlef (@acc[$_],"4*$_($ctx)",1) for (0..4); # load acc1 ++ vlef (@acc[$_],"24+4*$_($ctx)",3) for (0..4); # load acc2 ++ vlef (@r5[$_],"108+4*$_($ctx)",1) for (0..4); # load 5*r^2 ++ vlef (@r[$_],"88+4*$_($ctx)",1) for (0..4); # load r^2 ++ vlef (@r5[$_],"68+4*$_($ctx)",3) for (0..4); # load 5*r ++ vlef (@r[$_],"48+4*$_($ctx)",3) for (0..4); # load r ++ vl ($mask,"48(%r5)"); # load mask ++ ++ # acc = acc1 * r^2 + acc2 * r ++ ++ vmlof (@tmp[0],@acc[4],@r5[1]); ++ vmlof (@tmp[1],@acc[4],@r5[2]); ++ vmlof (@tmp[2],@acc[4],@r5[3]); ++ vmlof (@tmp[3],@acc[4],@r5[4]); ++ vmlof (@tmp[4],@acc[4],@r[0]); ++ ++ vmalof (@tmp[0],@acc[3],@r5[2],@tmp[0]); ++ vmalof (@tmp[1],@acc[3],@r5[3],@tmp[1]); ++ vmalof (@tmp[2],@acc[3],@r5[4],@tmp[2]); ++ vmalof (@tmp[3],@acc[3],@r[0],@tmp[3]); ++ vmalof (@tmp[4],@acc[3],@r[1],@tmp[4]); ++ ++ vmalof (@tmp[0],@acc[2],@r5[3],@tmp[0]); ++ vmalof (@tmp[1],@acc[2],@r5[4],@tmp[1]); ++ vmalof (@tmp[2],@acc[2],@r[0],@tmp[2]); ++ vmalof (@tmp[3],@acc[2],@r[1],@tmp[3]); ++ vmalof (@tmp[4],@acc[2],@r[2],@tmp[4]); ++ ++ vmalof (@tmp[0],@acc[1],@r5[4],@tmp[0]); ++ vmalof (@tmp[1],@acc[1],@r[0],@tmp[1]); ++ vmalof (@tmp[2],@acc[1],@r[1],@tmp[2]); ++ vmalof (@tmp[3],@acc[1],@r[2],@tmp[3]); ++ vmalof (@tmp[4],@acc[1],@r[3],@tmp[4]); ++ ++ vmalof (@acc[1],@acc[0],@r[1],@tmp[1]); ++ vmalof (@acc[2],@acc[0],@r[2],@tmp[2]); ++ vmalof (@acc[3],@acc[0],@r[3],@tmp[3]); ++ vmalof 
(@acc[4],@acc[0],@r[4],@tmp[4]); ++ vmalof (@acc[0],@acc[0],@r[0],@tmp[0]); ++ ++ vzero ("%v27"); ++ vsumqg (@acc[$_],@acc[$_],"%v27") for (0..4); ++ ++ REDUCE (); ++ ++ vesrlg (@tmp[1],@acc[1],26); ++ vn (@acc[1],@acc[1],$mask); ++ vag (@acc[2],@acc[2],@tmp[1]); # carry 1->2 ++ ++ vesrlg (@tmp[2],@acc[2],26); ++ vn (@acc[2],@acc[2],$mask); ++ vag (@acc[3],@acc[3],@tmp[2]); # carry 2->3 ++ ++ vesrlg (@tmp[3],@acc[3],26); ++ vn (@acc[3],@acc[3],$mask); ++ vag (@acc[4],@acc[4],@tmp[3]); # carry 3->4 ++ ++ # acc -> base 2^64 ++ vleib ("%v30",6*8,7); ++ vleib ("%v29",13*8,7); ++ vleib ("%v28",3*8,7); ++ ++ veslg (@acc[1],@acc[1],26); ++ veslg (@acc[3],@acc[3],26); ++ vo (@acc[0],@acc[0],@acc[1]); ++ vo (@acc[2],@acc[2],@acc[3]); ++ ++ veslg (@acc[2],@acc[2],4); ++ vslb (@acc[2],@acc[2],"%v30"); # <<52 ++ vo (@acc[0],@acc[0],@acc[2]); ++ ++ vslb (@tmp[4],@acc[4],"%v29"); # <<104 ++ vo (@acc[0],@acc[0],@tmp[4]); ++ ++ vsrlb (@acc[1],@acc[4],"%v28"); # >>24 ++ ++ # acc %= 2^130-5 ++ vone ("%v26"); ++ vleig ("%v27",5,1); ++ vone ("%v29"); ++ vleig ("%v26",-4,1); ++ ++ vaq (@tmp[0],@acc[0],"%v27"); ++ vaccq (@tmp[1],@acc[0],"%v27"); ++ ++ vaq (@tmp[1],@tmp[1],"%v26"); ++ vaccq (@tmp[1],@tmp[1],@acc[1]); ++ ++ vaq (@tmp[1],@tmp[1],"%v29"); ++ ++ vn (@tmp[2],@tmp[1],@acc[0]); ++ vnc (@tmp[3],@tmp[0],@tmp[1]); ++ vo (@acc[0],@tmp[2],@tmp[3]); ++ ++ # acc += nonce ++ vl (@vperm[0],"64(%r5)"); ++ vlef (@tmp[0],"4*$_($nonce)",3-$_) for (0..3); ++ ++ vaq (@acc[0],@acc[0],@tmp[0]); ++ ++ vperm (@acc[0],@acc[0],@acc[0],@vperm[0]); ++ vst (@acc[0],"0($mac)"); # store mac ++ ++if ($z) { ++ vlm ("%v8","%v15","0($sp)"); ++ la ($sp,"$frame($sp)"); ++} else { ++ ld ("%f4","16*$SIZE_T+2*8($sp)"); ++ ld ("%f6","16*$SIZE_T+3*8($sp)"); ++} ++ br ("%r14"); ++SIZE ("poly1305_emit_vx",".-poly1305_emit_vx"); ++} ++} ++ ++# NOVX CODE PATH ++{ ++################ ++# static void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, ++# u32 padbit) ++{ ++my ($ctx,$inp,$len,$padbit) = 
map("%r$_",(2..5)); ++ ++my ($d0hi,$d0lo,$d1hi,$d1lo,$t0,$h0,$t1,$h1,$h2) = map("%r$_",(6..14)); ++my ($r0,$r1,$s1) = map("%r$_",(0..2)); ++GLOBL ("poly1305_blocks"); ++TYPE ("poly1305_blocks","\@function"); ++ALIGN (16); ++LABEL ("poly1305_blocks"); ++$z? srlg ($len,$len,4) :srl ($len,4); ++ lghi ("%r0",0); ++&{$z? \&clgr:\&clr} ($len,"%r0"); ++ je (".Lno_data"); ++ ++&{$z? \&stmg:\&stm} ("%r6","%r14","6*$SIZE_T($sp)"); ++ ++ llgfr ($padbit,$padbit); # clear upper half, much needed with + # non-64-bit ABI +- lg $r0,32($ctx) # load key +- lg $r1,40($ctx) ++ lg ($r0,"32($ctx)"); # load key ++ lg ($r1,"40($ctx)"); + +- lg $h0,0($ctx) # load hash value +- lg $h1,8($ctx) +- lg $h2,16($ctx) ++ lg ($h0,"0($ctx)"); # load hash value ++ lg ($h1,"8($ctx)"); ++ lg ($h2,"16($ctx)"); + +- st$g $ctx,`2*$SIZE_T`($sp) # off-load $ctx +- srlg $s1,$r1,2 +- algr $s1,$r1 # s1 = r1 + r1>>2 +- j .Loop ++&{$z? \&stg:\&st} ($ctx,"2*$SIZE_T($sp)"); # off-load $ctx ++ srlg ($s1,$r1,2); ++ algr ($s1,$r1); # s1 = r1 + r1>>2 ++ j (".Loop"); + +-.align 16 +-.Loop: +- lrvg $d0lo,0($inp) # load little-endian input +- lrvg $d1lo,8($inp) +- la $inp,16($inp) ++ALIGN (16); ++LABEL (".Loop"); ++ lrvg ($d0lo,"0($inp)"); # load little-endian input ++ lrvg ($d1lo,"8($inp)"); ++ la ($inp,"16($inp)"); + +- algr $d0lo,$h0 # accumulate input +- alcgr $d1lo,$h1 ++ algr ($d0lo,$h0); # accumulate input ++ alcgr ($d1lo,$h1); + +- lgr $h0,$d0lo +- mlgr $d0hi,$r0 # h0*r0 -> $d0hi:$d0lo +- lgr $h1,$d1lo +- mlgr $d1hi,$s1 # h1*5*r1 -> $d1hi:$d1lo ++ lgr ($h0,$d0lo); ++ mlgr ($d0hi,$r0); # h0*r0 -> $d0hi:$d0lo ++ lgr ($h1,$d1lo); ++ mlgr ($d1hi,$s1); # h1*5*r1 -> $d1hi:$d1lo + +- mlgr $t0,$r1 # h0*r1 -> $t0:$h0 +- mlgr $t1,$r0 # h1*r0 -> $t1:$h1 +- alcgr $h2,$padbit ++ mlgr ($t0,$r1); # h0*r1 -> $t0:$h0 ++ mlgr ($t1,$r0); # h1*r0 -> $t1:$h1 ++ alcgr ($h2,$padbit); + +- algr $d0lo,$d1lo +- lgr $d1lo,$h2 +- alcgr $d0hi,$d1hi +- lghi $d1hi,0 ++ algr ($d0lo,$d1lo); ++ lgr ($d1lo,$h2); ++ alcgr ($d0hi,$d1hi); ++ lghi 
($d1hi,0); + +- algr $h1,$h0 +- alcgr $t1,$t0 ++ algr ($h1,$h0); ++ alcgr ($t1,$t0); + +- msgr $d1lo,$s1 # h2*s1 +- msgr $h2,$r0 # h2*r0 ++ msgr ($d1lo,$s1); # h2*s1 ++ msgr ($h2,$r0); # h2*r0 + +- algr $h1,$d1lo +- alcgr $t1,$d1hi # $d1hi is zero ++ algr ($h1,$d1lo); ++ alcgr ($t1,$d1hi); # $d1hi is zero + +- algr $h1,$d0hi +- alcgr $h2,$t1 ++ algr ($h1,$d0hi); ++ alcgr ($h2,$t1); + +- lghi $h0,-4 # final reduction step +- ngr $h0,$h2 +- srlg $t0,$h2,2 +- algr $h0,$t0 +- lghi $t1,3 +- ngr $h2,$t1 ++ lghi ($h0,-4); # final reduction step ++ ngr ($h0,$h2); ++ srlg ($t0,$h2,2); ++ algr ($h0,$t0); ++ lghi ($t1,3); ++ ngr ($h2,$t1); + +- algr $h0,$d0lo +- alcgr $h1,$d1hi # $d1hi is still zero +- alcgr $h2,$d1hi # $d1hi is still zero ++ algr ($h0,$d0lo); ++ alcgr ($h1,$d1hi); # $d1hi is still zero ++ alcgr ($h2,$d1hi); # $d1hi is still zero + +- brct$g $len,.Loop ++&{$z? \&brctg:\&brct} ($len,".Loop"); + +- l$g $ctx,`2*$SIZE_T`($sp) # restore $ctx ++&{$z? \&lg:\&l} ($ctx,"2*$SIZE_T($sp)");# restore $ctx + +- stg $h0,0($ctx) # store hash value +- stg $h1,8($ctx) +- stg $h2,16($ctx) ++ stg ($h0,"0($ctx)"); # store hash value ++ stg ($h1,"8($ctx)"); ++ stg ($h2,"16($ctx)"); + +- lm${g} %r6,%r14,`6*$SIZE_T`($sp) +-.Lno_data: +- br %r14 +-.size poly1305_blocks,.-poly1305_blocks +-___ ++&{$z? 
\&lmg:\&lm} ("%r6","%r14","6*$SIZE_T($sp)"); ++LABEL (".Lno_data"); ++ br ("%r14"); ++SIZE ("poly1305_blocks",".-poly1305_blocks"); + } ++ ++################ ++# static void poly1305_emit(void *ctx, unsigned char mac[16], ++# const u32 nonce[4]) + { +-my ($mac,$nonce)=($inp,$len); ++my ($ctx,$mac,$nonce) = map("%r$_",(2..4)); + my ($h0,$h1,$h2,$d0,$d1)=map("%r$_",(5..9)); + +-$code.=<<___; +-.globl poly1305_emit +-.type poly1305_emit,\@function +-.align 16 +-poly1305_emit: +- stm${g} %r6,%r9,`6*$SIZE_T`($sp) +- +- lg $h0,0($ctx) +- lg $h1,8($ctx) +- lg $h2,16($ctx) +- +- lghi %r0,5 +- lghi %r1,0 +- lgr $d0,$h0 +- lgr $d1,$h1 +- +- algr $h0,%r0 # compare to modulus +- alcgr $h1,%r1 +- alcgr $h2,%r1 +- +- srlg $h2,$h2,2 # did it borrow/carry? +- slgr %r1,$h2 # 0-$h2>>2 +- lg $h2,0($nonce) # load nonce +- lghi %r0,-1 +- lg $ctx,8($nonce) +- xgr %r0,%r1 # ~%r1 +- +- ngr $h0,%r1 +- ngr $d0,%r0 +- ngr $h1,%r1 +- ngr $d1,%r0 +- ogr $h0,$d0 +- rllg $d0,$h2,32 # flip nonce words +- ogr $h1,$d1 +- rllg $d1,$ctx,32 +- +- algr $h0,$d0 # accumulate nonce +- alcgr $h1,$d1 +- +- strvg $h0,0($mac) # write little-endian result +- strvg $h1,8($mac) +- +- lm${g} %r6,%r9,`6*$SIZE_T`($sp) +- br %r14 +-.size poly1305_emit,.-poly1305_emit +- +-.string "Poly1305 for s390x, CRYPTOGAMS by " +-___ +-} +- +-$code =~ s/\`([^\`]*)\`/eval $1/gem; +-$code =~ s/\b(srlg\s+)(%r[0-9]+\s*,)\s*([0-9]+)/$1$2$2$3/gm; +- +-print $code; +-close STDOUT or die "error closing STDOUT: $!"; ++GLOBL ("poly1305_emit"); ++TYPE ("poly1305_emit","\@function"); ++ALIGN (16); ++LABEL ("poly1305_emit"); ++&{$z? \&stmg:\&stm} ("%r6","%r9","6*$SIZE_T($sp)"); ++ ++ lg ($h0,"0($ctx)"); ++ lg ($h1,"8($ctx)"); ++ lg ($h2,"16($ctx)"); ++ ++ lghi ("%r0",5); ++ lghi ("%r1",0); ++ lgr ($d0,$h0); ++ lgr ($d1,$h1); ++ ++ algr ($h0,"%r0"); # compare to modulus ++ alcgr ($h1,"%r1"); ++ alcgr ($h2,"%r1"); ++ ++ srlg ($h2,$h2,2); # did it borrow/carry? 
++ slgr ("%r1",$h2); # 0-$h2>>2 ++ lg ($h2,"0($nonce)"); # load nonce ++ lghi ("%r0",-1); ++ lg ($ctx,"8($nonce)"); ++ xgr ("%r0","%r1"); # ~%r1 ++ ++ ngr ($h0,"%r1"); ++ ngr ($d0,"%r0"); ++ ngr ($h1,"%r1"); ++ ngr ($d1,"%r0"); ++ ogr ($h0,$d0); ++ rllg ($d0,$h2,32); # flip nonce words ++ ogr ($h1,$d1); ++ rllg ($d1,$ctx,32); ++ ++ algr ($h0,$d0); # accumulate nonce ++ alcgr ($h1,$d1); ++ ++ strvg ($h0,"0($mac)"); # write little-endian result ++ strvg ($h1,"8($mac)"); ++ ++&{$z? \&lmg:\&lm} ("%r6","%r9","6*$SIZE_T($sp)"); ++ br ("%r14"); ++SIZE ("poly1305_emit",".-poly1305_emit"); ++} ++} ++################ ++ ++ALIGN (128); ++LABEL (".Lconst"); ++LONG (0x00060504,0x03020100,0x00161514,0x13121110); # vperm op[m[1],m[0]] ++LONG (0x000c0b0a,0x09080706,0x001c1b1a,0x19181716); # vperm op[m[3],m[2]] ++LONG (0x00000000,0x000f0e0d,0x00000000,0x001f1e1d); # vperm op[ - ,m[4]] ++LONG (0x00000000,0x03ffffff,0x00000000,0x03ffffff); # [0,2^26-1,0,2^26-1] ++LONG (0x0f0e0d0c,0x0b0a0908,0x07060504,0x03020100); # vperm op endian ++STRING ("\"Poly1305 for s390x, CRYPTOGAMS by \""); ++ ++PERLASM_END(); +-- +2.25.1 + diff -Nru openssl-1.1.1l/debian/patches/0006-s390x-assembly-pack-fix-formal-interface-bug-in-chac.patch openssl-1.1.1l/debian/patches/0006-s390x-assembly-pack-fix-formal-interface-bug-in-chac.patch --- openssl-1.1.1l/debian/patches/0006-s390x-assembly-pack-fix-formal-interface-bug-in-chac.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-1.1.1l/debian/patches/0006-s390x-assembly-pack-fix-formal-interface-bug-in-chac.patch 2021-02-23 22:43:42.000000000 +0100 
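Review bot: In `poly1305_init` of the added poly1305-s390x.pl, the header comment and the ctx layout tables do not match what the code does on the vector path. The comment declares `static void poly1305_init(void *ctx, const unsigned char key[16])`, yet the function returns 1 in `%r2` after selecting the VX routines and 0 at `.Ldone`, and it stores the addresses of `poly1305_blocks_vx` and `poly1305_emit_vx` at the literal offset `4*$z+228($ctx)`, which lies beyond the last field the layout table lists (`r45` at 148). That offset presumably tracks a function-pointer slot in the C-side context, so a layout change there would silently misplace two call targets. I would document the coupling next to the store, e.g. `# func[0..1] = blocks_vx, emit_vx; offset must match the C-side context layout`, and correct the prototype comment to show the integer return.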
@@ -0,0 +1,33 @@
+From b857d3affccf870501f7b9de34f837a1a2575046 Mon Sep 17 00:00:00 2001
+From: Patrick Steuer
+Date: Fri, 15 Feb 2019 22:59:09 +0100
+Subject: [PATCH 06/25] s390x assembly pack: fix formal interface bug in chacha
+ module
+
+Signed-off-by: Patrick Steuer
+
+Reviewed-by: Tim Hudson
+Reviewed-by: Richard Levitte
+(Merged from https://github.com/openssl/openssl/pull/8257)
+
+(cherry picked from commit b2b580fe445e064da50c13d3e00f71022da16ece)
+---
+ crypto/chacha/asm/chacha-s390x.pl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/chacha/asm/chacha-s390x.pl b/crypto/chacha/asm/chacha-s390x.pl
+index 895765e1c4..2843bb1eb6 100755
+--- a/crypto/chacha/asm/chacha-s390x.pl
++++ b/crypto/chacha/asm/chacha-s390x.pl
+@@ -225,7 +225,7 @@ LABEL ("ChaCha20_ctr32");
+ larl ("%r1","OPENSSL_s390xcap_P");
+
+ lghi ("%r0",64);
+-&{$z? \&cgr:\&cr} ($len,"%r0");
++&{$z? \&clgr:\&clr} ($len,"%r0");
+ jle ("_s390x_chacha_novx");
+
+ lg ("%r0","S390X_STFLE+16(%r1)");
+--
+2.25.1
+
diff -Nru openssl-1.1.1l/debian/patches/0007-s390x-assembly-pack-import-chacha-from-cryptogams-re.patch openssl-1.1.1l/debian/patches/0007-s390x-assembly-pack-import-chacha-from-cryptogams-re.patch
--- openssl-1.1.1l/debian/patches/0007-s390x-assembly-pack-import-chacha-from-cryptogams-re.patch 1970-01-01 01:00:00.000000000 +0100
+++ openssl-1.1.1l/debian/patches/0007-s390x-assembly-pack-import-chacha-from-cryptogams-re.patch 2021-02-23 22:43:42.000000000 +0100
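Review bot: In 0006-s390x-assembly-pack-fix-formal-interface-bug-in-chac.patch, the switch from `cgr`/`cr` to `clgr`/`clr` carries no comment, and nothing next to the instruction says why the compare has to be unsigned. `$len` is the `size_t len` argument of `ChaCha20_ctr32`, so a signed compare against 64 would treat a length with the top bit set as negative and take the `jle` to `_s390x_chacha_novx`; I would record that on the line itself, e.g. `# $len is size_t: compare as unsigned`. The commit message only says "formal interface bug", so that motivation is inferred rather than stated. The body of `ChaCha20_ctr32` continues outside the hunk.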
@@ -0,0 +1,1096 @@ +From 006c89bb635bbe67ce3f3452bd51efa6e6a142c6 Mon Sep 17 00:00:00 2001 +From: Patrick Steuer +Date: Mon, 25 Feb 2019 18:55:04 +0100 +Subject: [PATCH 07/25] s390x assembly pack: import chacha from cryptogams repo + +featuring 6x"horizontal" code path which is up to 25% +faster than present 4x"vertical" for larger blocks. + +Signed-off-by: Patrick Steuer + +Reviewed-by: Matt Caswell +Reviewed-by: Richard Levitte +(Merged from https://github.com/openssl/openssl/pull/8287) + +(cherry picked from commit d1229190bfbb19439589557e4d65f9bccab09b2d) +--- + crypto/chacha/asm/chacha-s390x.pl | 1006 +++++++++++++++++++++-------- + 1 file changed, 719 insertions(+), 287 deletions(-) + +diff --git a/crypto/chacha/asm/chacha-s390x.pl b/crypto/chacha/asm/chacha-s390x.pl +index 2843bb1eb6..040ce391c0 100755 +--- a/crypto/chacha/asm/chacha-s390x.pl ++++ b/crypto/chacha/asm/chacha-s390x.pl +@@ -23,11 +23,20 @@ + # + # August 2018 + # +-# Add vx code path. ++# Add vx code path: 4x"vertical". + # + # Copyright IBM Corp. 2018 + # Author: Patrick Steuer + ++# ++# February 2019 ++# ++# Add 6x"horizontal" VX implementation. It's ~25% faster than IBM's ++# 4x"vertical" submission [on z13] and >3 faster than scalar code. ++# But to harness overheads revert to transliteration of VSX code path ++# from chacha-ppc module, which is also 4x"vertical", to handle inputs ++# not longer than 256 bytes. 
++ + use strict; + use FindBin qw($Bin); + use lib "$Bin/../.."; +@@ -50,11 +59,9 @@ while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} + my $sp="%r15"; + my $stdframe=16*$SIZE_T+4*8; + ++sub ROUND { + my @x=map("%r$_",(0..7,"x","x","x","x",(10..13))); + my @t=map("%r$_",(8,9)); +-my @v=map("%v$_",(16..31)); +- +-sub ROUND { + my ($a0,$b0,$c0,$d0)=@_; + my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); + my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); +@@ -143,63 +150,92 @@ my ($xc,$xc_)=map("$_",@t); + rll (@x[$b3],@x[$b3],7); + } + +-sub VX_ROUND { ++sub VX_lane_ROUND { + my ($a0,$b0,$c0,$d0)=@_; + my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); + my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); + my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); ++my @x=map("%v$_",(0..15)); ++ ++ vaf (@x[$a0],@x[$a0],@x[$b0]); # Q1 ++ vx (@x[$d0],@x[$d0],@x[$a0]); ++ verllf (@x[$d0],@x[$d0],16); ++ vaf (@x[$a1],@x[$a1],@x[$b1]); # Q2 ++ vx (@x[$d1],@x[$d1],@x[$a1]); ++ verllf (@x[$d1],@x[$d1],16); ++ vaf (@x[$a2],@x[$a2],@x[$b2]); # Q3 ++ vx (@x[$d2],@x[$d2],@x[$a2]); ++ verllf (@x[$d2],@x[$d2],16); ++ vaf (@x[$a3],@x[$a3],@x[$b3]); # Q4 ++ vx (@x[$d3],@x[$d3],@x[$a3]); ++ verllf (@x[$d3],@x[$d3],16); ++ ++ vaf (@x[$c0],@x[$c0],@x[$d0]); ++ vx (@x[$b0],@x[$b0],@x[$c0]); ++ verllf (@x[$b0],@x[$b0],12); ++ vaf (@x[$c1],@x[$c1],@x[$d1]); ++ vx (@x[$b1],@x[$b1],@x[$c1]); ++ verllf (@x[$b1],@x[$b1],12); ++ vaf (@x[$c2],@x[$c2],@x[$d2]); ++ vx (@x[$b2],@x[$b2],@x[$c2]); ++ verllf (@x[$b2],@x[$b2],12); ++ vaf (@x[$c3],@x[$c3],@x[$d3]); ++ vx (@x[$b3],@x[$b3],@x[$c3]); ++ verllf (@x[$b3],@x[$b3],12); ++ ++ vaf (@x[$a0],@x[$a0],@x[$b0]); ++ vx (@x[$d0],@x[$d0],@x[$a0]); ++ verllf (@x[$d0],@x[$d0],8); ++ vaf (@x[$a1],@x[$a1],@x[$b1]); ++ vx (@x[$d1],@x[$d1],@x[$a1]); ++ verllf (@x[$d1],@x[$d1],8); ++ vaf (@x[$a2],@x[$a2],@x[$b2]); ++ vx (@x[$d2],@x[$d2],@x[$a2]); ++ verllf (@x[$d2],@x[$d2],8); ++ vaf 
(@x[$a3],@x[$a3],@x[$b3]); ++ vx (@x[$d3],@x[$d3],@x[$a3]); ++ verllf (@x[$d3],@x[$d3],8); ++ ++ vaf (@x[$c0],@x[$c0],@x[$d0]); ++ vx (@x[$b0],@x[$b0],@x[$c0]); ++ verllf (@x[$b0],@x[$b0],7); ++ vaf (@x[$c1],@x[$c1],@x[$d1]); ++ vx (@x[$b1],@x[$b1],@x[$c1]); ++ verllf (@x[$b1],@x[$b1],7); ++ vaf (@x[$c2],@x[$c2],@x[$d2]); ++ vx (@x[$b2],@x[$b2],@x[$c2]); ++ verllf (@x[$b2],@x[$b2],7); ++ vaf (@x[$c3],@x[$c3],@x[$d3]); ++ vx (@x[$b3],@x[$b3],@x[$c3]); ++ verllf (@x[$b3],@x[$b3],7); ++} + +- vaf (@v[$a0],@v[$a0],@v[$b0]); +- vaf (@v[$a1],@v[$a1],@v[$b1]); +- vaf (@v[$a2],@v[$a2],@v[$b2]); +- vaf (@v[$a3],@v[$a3],@v[$b3]); +- vx (@v[$d0],@v[$d0],@v[$a0]); +- vx (@v[$d1],@v[$d1],@v[$a1]); +- vx (@v[$d2],@v[$d2],@v[$a2]); +- vx (@v[$d3],@v[$d3],@v[$a3]); +- verllf (@v[$d0],@v[$d0],16); +- verllf (@v[$d1],@v[$d1],16); +- verllf (@v[$d2],@v[$d2],16); +- verllf (@v[$d3],@v[$d3],16); +- +- vaf (@v[$c0],@v[$c0],@v[$d0]); +- vaf (@v[$c1],@v[$c1],@v[$d1]); +- vaf (@v[$c2],@v[$c2],@v[$d2]); +- vaf (@v[$c3],@v[$c3],@v[$d3]); +- vx (@v[$b0],@v[$b0],@v[$c0]); +- vx (@v[$b1],@v[$b1],@v[$c1]); +- vx (@v[$b2],@v[$b2],@v[$c2]); +- vx (@v[$b3],@v[$b3],@v[$c3]); +- verllf (@v[$b0],@v[$b0],12); +- verllf (@v[$b1],@v[$b1],12); +- verllf (@v[$b2],@v[$b2],12); +- verllf (@v[$b3],@v[$b3],12); +- +- vaf (@v[$a0],@v[$a0],@v[$b0]); +- vaf (@v[$a1],@v[$a1],@v[$b1]); +- vaf (@v[$a2],@v[$a2],@v[$b2]); +- vaf (@v[$a3],@v[$a3],@v[$b3]); +- vx (@v[$d0],@v[$d0],@v[$a0]); +- vx (@v[$d1],@v[$d1],@v[$a1]); +- vx (@v[$d2],@v[$d2],@v[$a2]); +- vx (@v[$d3],@v[$d3],@v[$a3]); +- verllf (@v[$d0],@v[$d0],8); +- verllf (@v[$d1],@v[$d1],8); +- verllf (@v[$d2],@v[$d2],8); +- verllf (@v[$d3],@v[$d3],8); +- +- vaf (@v[$c0],@v[$c0],@v[$d0]); +- vaf (@v[$c1],@v[$c1],@v[$d1]); +- vaf (@v[$c2],@v[$c2],@v[$d2]); +- vaf (@v[$c3],@v[$c3],@v[$d3]); +- vx (@v[$b0],@v[$b0],@v[$c0]); +- vx (@v[$b1],@v[$b1],@v[$c1]); +- vx (@v[$b2],@v[$b2],@v[$c2]); +- vx (@v[$b3],@v[$b3],@v[$c3]); +- verllf (@v[$b0],@v[$b0],7); +- verllf 
(@v[$b1],@v[$b1],7); +- verllf (@v[$b2],@v[$b2],7); +- verllf (@v[$b3],@v[$b3],7); ++sub VX_ROUND { ++my @a=@_[0..5]; ++my @b=@_[6..11]; ++my @c=@_[12..17]; ++my @d=@_[18..23]; ++my $odd=@_[24]; ++ ++ vaf (@a[$_],@a[$_],@b[$_]) for (0..5); ++ vx (@d[$_],@d[$_],@a[$_]) for (0..5); ++ verllf (@d[$_],@d[$_],16) for (0..5); ++ ++ vaf (@c[$_],@c[$_],@d[$_]) for (0..5); ++ vx (@b[$_],@b[$_],@c[$_]) for (0..5); ++ verllf (@b[$_],@b[$_],12) for (0..5); ++ ++ vaf (@a[$_],@a[$_],@b[$_]) for (0..5); ++ vx (@d[$_],@d[$_],@a[$_]) for (0..5); ++ verllf (@d[$_],@d[$_],8) for (0..5); ++ ++ vaf (@c[$_],@c[$_],@d[$_]) for (0..5); ++ vx (@b[$_],@b[$_],@c[$_]) for (0..5); ++ verllf (@b[$_],@b[$_],7) for (0..5); ++ ++ vsldb (@c[$_],@c[$_],@c[$_],8) for (0..5); ++ vsldb (@b[$_],@b[$_],@b[$_],$odd?12:4) for (0..5); ++ vsldb (@d[$_],@d[$_],@d[$_],$odd?4:12) for (0..5); + } + + PERLASM_BEGIN($output); +@@ -210,13 +246,11 @@ TEXT (); + ################ + # void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, size_t len, + # const unsigned int key[8], const unsigned int counter[4]) +-{ + my ($out,$inp,$len,$key,$counter)=map("%r$_",(2..6)); +- +-# VX CODE PATH + { +-my $off=$z*8*16+8; # offset(initial state) +-my $frame=$stdframe+4*16+$off; ++my $frame=$stdframe+4*20; ++my @x=map("%r$_",(0..7,"x","x","x","x",(10..13))); ++my @t=map("%r$_",(8,9)); + + GLOBL ("ChaCha20_ctr32"); + TYPE ("ChaCha20_ctr32","\@function"); +@@ -225,230 +259,16 @@ LABEL ("ChaCha20_ctr32"); + larl ("%r1","OPENSSL_s390xcap_P"); + + lghi ("%r0",64); ++&{$z? \<gr:\<r} ($len,$len); # len==0? ++ bzr ("%r14"); ++ lg ("%r1","S390X_STFLE+16(%r1)"); + &{$z? \&clgr:\&clr} ($len,"%r0"); +- jle ("_s390x_chacha_novx"); +- +- lg ("%r0","S390X_STFLE+16(%r1)"); +- tmhh ("%r0",0x4000); # check for vector facility +- jz ("_s390x_chacha_novx"); +- +-if (!$z) { +- llgfr ($len,$len); +- std ("%f4","16*$SIZE_T+2*8($sp)"); +- std ("%f6","16*$SIZE_T+3*8($sp)"); +-} +-&{$z? 
\&stmg:\&stm} ("%r6","%r7","6*$SIZE_T($sp)"); ++ jle (".Lshort"); + +- lghi ("%r1",-$frame); +- lgr ("%r0",$sp); +- la ($sp,"0(%r1,$sp)"); # allocate stack frame ++ tmhh ("%r1",0x4000); # check for vx bit ++ jnz (".LChaCha20_ctr32_vx"); + +- larl ("%r7",".Lsigma"); +-&{$z? \&stg:\&st} ("%r0","0($sp)"); # backchain +- +- vstm ("%v8","%v15","8($sp)") if ($z); +- +- vlm ("%v1","%v2","0($key)"); # load key +- vl ("%v0","0(%r7)"); # load sigma constant +- vl ("%v3","0($counter)"); # load iv (counter||nonce) +- l ("%r0","0($counter)"); # load counter +- vstm ("%v0","%v3","$off($sp)"); # copy initial state to stack +- +- srlg ("%r1",$len,8); +- ltgr ("%r1","%r1"); +- jz (".Lvx_4x_done"); +- +-ALIGN (16); # process 4 64-byte blocks +-LABEL (".Lvx_4x"); +- vlrepf ("%v$_",($_*4)."+$off($sp)") for (0..15); # load initial +- # state +- vl ("%v31","16(%r7)"); +- vaf ("%v12","%v12","%v31"); # increment counter +- +- vlr (@v[$_],"%v$_") for (0..15); # copy initial state +- +- lhi ("%r6",10); +- j (".Loop_vx_4x"); +- +-ALIGN (16); +-LABEL (".Loop_vx_4x"); +- VX_ROUND( 0, 4, 8,12); # column round +- VX_ROUND( 0, 5,10,15); # diagonal round +- brct ("%r6",".Loop_vx_4x"); +- +- vaf (@v[$_],@v[$_],"%v$_") for (0..15); # state += initial +- # state (mod 32) +- vlm ("%v6","%v7","32(%r7)"); # load vperm operands +- +-for (0..3) { # blocks 1,2 +- vmrhf ("%v0",@v[$_*4+0],@v[$_*4+1]); # ks = serialize(state) +- vmrhf ("%v1",@v[$_*4+2],@v[$_*4+3]); +- vperm ("%v".($_+ 8),"%v0","%v1","%v6"); +- vperm ("%v".($_+12),"%v0","%v1","%v7"); +-} +- vlm ("%v0","%v7","0($inp)"); # load in +- vx ("%v$_","%v$_","%v".($_+8)) for (0..7); # out = in ^ ks +- vstm ("%v0","%v7","0($out)"); # store out +- +- vlm ("%v6","%v7","32(%r7)"); # restore vperm operands +- +-for (0..3) { # blocks 2,3 +- vmrlf ("%v0",@v[$_*4+0],@v[$_*4+1]); # ks = serialize(state) +- vmrlf ("%v1",@v[$_*4+2],@v[$_*4+3]); +- vperm ("%v".($_+ 8),"%v0","%v1","%v6"); +- vperm ("%v".($_+12),"%v0","%v1","%v7"); +-} +- vlm 
("%v0","%v7","128($inp)"); # load in +- vx ("%v$_","%v$_","%v".($_+8)) for (0..7); # out = in ^ ks +- vstm ("%v0","%v7","128($out)"); # store out +- +- ahi ("%r0",4); +- st ("%r0","48+$off($sp)"); # update initial state +- +- la ($inp,"256($inp)"); +- la ($out,"256($out)"); +- brctg ("%r1",".Lvx_4x"); +- +-ALIGN (16); +-LABEL (".Lvx_4x_done"); +- lghi ("%r1",0xff); +- ngr ($len,"%r1"); +- jnz (".Lvx_rem"); +- +-ALIGN (16); +-LABEL (".Lvx_done"); +- vzero ("%v$_") for (16..31); # wipe ks and key copy +- vstm ("%v16","%v17","16+$off($sp)"); +- vlm ("%v8","%v15","8($sp)") if ($z); +- +- la ($sp,"$frame($sp)"); +-&{$z? \&lmg:\&lm} ("%r6","%r7","6*$SIZE_T($sp)"); +- +-if (!$z) { +- ld ("%f4","16*$SIZE_T+2*8($sp)"); +- ld ("%f6","16*$SIZE_T+3*8($sp)"); +- vzero ("%v$_") for (8..15); +-} +- br ("%r14"); +-ALIGN (16); +-LABEL (".Lvx_rem"); +- lhi ("%r0",64); +- +- sr ($len,"%r0"); +- brc (2,".Lvx_rem_g64"); # cc==2? +- +- lghi ("%r1",-$stdframe); +- +- la ($counter,"48+$off($sp)"); # load updated iv +- ar ($len,"%r0"); # restore len +- +- lgr ("%r7",$counter); +-&{$z? \&stg:\&st} ("%r14","14*$SIZE_T+$frame($sp)"); +- la ($sp,"0(%r1,$sp)"); +- +- bras ("%r14","_s390x_chacha_novx"); +- +- la ($sp,"$stdframe($sp)"); +-&{$z? 
\&lg:\&l} ("%r14","14*$SIZE_T+$frame($sp)"); +- lgr ($counter,"%r7"); +- j (".Lvx_done"); +- +-ALIGN (16); +-LABEL (".Lvx_rem_g64"); +- vlrepf ("%v$_",($_*4)."+$off($sp)") for (0..15); # load initial +- # state +- vl ("%v31","16(%r7)"); +- vaf ("%v12","%v12","%v31"); # increment counter +- +- vlr (@v[$_],"%v$_") for (0..15); # state = initial state +- +- lhi ("%r6",10); +- j (".Loop_vx_rem"); +- +-ALIGN (16); +-LABEL (".Loop_vx_rem"); +- VX_ROUND( 0, 4, 8,12); # column round +- VX_ROUND( 0, 5,10,15); # diagonal round +- brct ("%r6",".Loop_vx_rem"); +- +- vaf (@v[$_],@v[$_],"%v$_") for (0..15); # state += initial +- # state (mod 32) +- vlm ("%v6","%v7","32(%r7)"); # load vperm operands +- +-for (0..3) { # blocks 1,2 +- vmrhf ("%v0",@v[$_*4+0],@v[$_*4+1]); # ks = serialize(state) +- vmrhf ("%v1",@v[$_*4+2],@v[$_*4+3]); +- vperm ("%v".($_+8),"%v0","%v1","%v6"); +- vperm ("%v".($_+12),"%v0","%v1","%v7"); +-} +- vlm ("%v0","%v3","0($inp)"); # load in +- vx ("%v$_","%v$_","%v".($_+8)) for (0..3); # out = in ^ ks +- vstm ("%v0","%v3","0($out)"); # store out +- +- la ($inp,"64($inp)"); +- la ($out,"64($out)"); +- +- sr ($len,"%r0"); +- brc (4,".Lvx_tail"); # cc==4? +- +- vlm ("%v0","%v3","0($inp)"); # load in +- vx ("%v$_","%v$_","%v".($_+12)) for (0..3); # out = in ^ ks +- vstm ("%v0","%v3","0($out)"); # store out +- jz (".Lvx_done"); +- +-for (0..3) { # blocks 3,4 +- vmrlf ("%v0",@v[$_*4+0],@v[$_*4+1]); # ks = serialize(state) +- vmrlf ("%v1",@v[$_*4+2],@v[$_*4+3]); +- vperm ("%v".($_+12),"%v0","%v1","%v6"); +- vperm ("%v".($_+8),"%v0","%v1","%v7"); +-} +- la ($inp,"64($inp)"); +- la ($out,"64($out)"); +- +- sr ($len,"%r0"); +- brc (4,".Lvx_tail"); # cc==4? 
+- +- vlm ("%v0","%v3","0($inp)"); # load in +- vx ("%v$_","%v$_","%v".($_+12)) for (0..3); # out = in ^ ks +- vstm ("%v0","%v3","0($out)"); # store out +- jz (".Lvx_done"); +- +- la ($inp,"64($inp)"); +- la ($out,"64($out)"); +- +- sr ($len,"%r0"); +- vlr ("%v".($_+4),"%v$_") for (8..11); +- j (".Lvx_tail"); +- +-ALIGN (16); +-LABEL (".Lvx_tail"); +- ar ($len,"%r0"); # restore $len +- ahi ($len,-1); +- +- lhi ("%r0",16); +-for (0..2) { +- vll ("%v0",$len,($_*16)."($inp)"); +- vx ("%v0","%v0","%v".($_+12)); +- vstl ("%v0",$len,($_*16)."($out)"); +- sr ($len,"%r0"); +- brc (4,".Lvx_done"); # cc==4? +-} +- vll ("%v0",$len,"3*16($inp)"); +- vx ("%v0","%v0","%v15"); +- vstl ("%v0",$len,"3*16($out)"); +- j (".Lvx_done"); +-SIZE ("ChaCha20_ctr32",".-ChaCha20_ctr32"); +-} +- +-# NOVX CODE PATH +-{ +-my $frame=$stdframe+4*20; +- +-TYPE ("_s390x_chacha_novx","\@function"); +-ALIGN (32); +-LABEL ("_s390x_chacha_novx"); +-&{$z? \<gr:\<r} ($len,$len); # $len==0? +- bzr ("%r14"); ++LABEL (".Lshort"); + &{$z? \&aghi:\&ahi} ($len,-64); + &{$z? \&lghi:\&lhi} ("%r1",-$frame); + &{$z? \&stmg:\&stm} ("%r6","%r15","6*$SIZE_T($sp)"); +@@ -607,17 +427,629 @@ LABEL (".Loop_tail"); + brct (@t[1],".Loop_tail"); + + j (".Ldone"); +-SIZE ("_s390x_chacha_novx",".-_s390x_chacha_novx"); ++SIZE ("ChaCha20_ctr32",".-ChaCha20_ctr32"); ++} ++ ++######################################################################## ++# 4x"vertical" layout minimizes amount of instructions, but pipeline ++# runs underutilized [because of vector instructions' high latency]. ++# On the other hand minimum amount of data it takes to fully utilize ++# the pipeline is higher, so that effectively, short inputs would be ++# processed slower. Hence this code path targeting <=256 bytes lengths. 
++# ++{ ++my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, ++ $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3)=map("%v$_",(0..15)); ++my @K=map("%v$_",(16..19)); ++my $CTR="%v26"; ++my ($xt0,$xt1,$xt2,$xt3)=map("%v$_",(27..30)); ++my $beperm="%v31"; ++my ($x00,$x10,$x20,$x30)=(0,map("r$_",(8..10))); ++my $FRAME=$stdframe+4*16; ++ ++ALIGN (32); ++LABEL ("ChaCha20_ctr32_4x"); ++LABEL (".LChaCha20_ctr32_4x"); ++&{$z? \&stmg:\&stm} ("%r6","%r7","6*$SIZE_T($sp)"); ++if (!$z) { ++ std ("%f4","16*$SIZE_T+2*8($sp)"); ++ std ("%f6","16*$SIZE_T+3*8($sp)"); ++} ++&{$z? \&lghi:\&lhi} ("%r1",-$FRAME); ++ lgr ("%r0",$sp); ++ la ($sp,"0(%r1,$sp)"); ++&{$z? \&stg:\&st} ("%r0","0($sp)"); # back-chain ++if ($z) { ++ std ("%f8","$stdframe+8*0($sp)"); ++ std ("%f9","$stdframe+8*1($sp)"); ++ std ("%f10","$stdframe+8*2($sp)"); ++ std ("%f11","$stdframe+8*3($sp)"); ++ std ("%f12","$stdframe+8*4($sp)"); ++ std ("%f13","$stdframe+8*5($sp)"); ++ std ("%f14","$stdframe+8*6($sp)"); ++ std ("%f15","$stdframe+8*7($sp)"); ++} ++ larl ("%r7",".Lsigma"); ++ lhi ("%r0",10); ++ lhi ("%r1",0); ++ ++ vl (@K[0],"0(%r7)"); # load sigma ++ vl (@K[1],"0($key)"); # load key ++ vl (@K[2],"16($key)"); ++ vl (@K[3],"0($counter)"); # load counter ++ ++ vl ($beperm,"0x40(%r7)"); ++ vl ($xt1,"0x50(%r7)"); ++ vrepf ($CTR,@K[3],0); ++ vlvgf (@K[3],"%r1",0); # clear @K[3].word[0] ++ vaf ($CTR,$CTR,$xt1); ++ ++#LABEL (".Loop_outer_4x"); ++ vlm ($xa0,$xa3,"0x60(%r7)"); # load [smashed] sigma ++ ++ vrepf ($xb0,@K[1],0); # smash the key ++ vrepf ($xb1,@K[1],1); ++ vrepf ($xb2,@K[1],2); ++ vrepf ($xb3,@K[1],3); ++ ++ vrepf ($xc0,@K[2],0); ++ vrepf ($xc1,@K[2],1); ++ vrepf ($xc2,@K[2],2); ++ vrepf ($xc3,@K[2],3); ++ ++ vlr ($xd0,$CTR); ++ vrepf ($xd1,@K[3],1); ++ vrepf ($xd2,@K[3],2); ++ vrepf ($xd3,@K[3],3); ++ ++LABEL (".Loop_4x"); ++ VX_lane_ROUND(0, 4, 8,12); ++ VX_lane_ROUND(0, 5,10,15); ++ brct ("%r0",".Loop_4x"); ++ ++ vaf ($xd0,$xd0,$CTR); ++ ++ vmrhf ($xt0,$xa0,$xa1); # transpose data ++ vmrhf ($xt1,$xa2,$xa3); ++ vmrlf 
($xt2,$xa0,$xa1); ++ vmrlf ($xt3,$xa2,$xa3); ++ vpdi ($xa0,$xt0,$xt1,0b0000); ++ vpdi ($xa1,$xt0,$xt1,0b0101); ++ vpdi ($xa2,$xt2,$xt3,0b0000); ++ vpdi ($xa3,$xt2,$xt3,0b0101); ++ ++ vmrhf ($xt0,$xb0,$xb1); ++ vmrhf ($xt1,$xb2,$xb3); ++ vmrlf ($xt2,$xb0,$xb1); ++ vmrlf ($xt3,$xb2,$xb3); ++ vpdi ($xb0,$xt0,$xt1,0b0000); ++ vpdi ($xb1,$xt0,$xt1,0b0101); ++ vpdi ($xb2,$xt2,$xt3,0b0000); ++ vpdi ($xb3,$xt2,$xt3,0b0101); ++ ++ vmrhf ($xt0,$xc0,$xc1); ++ vmrhf ($xt1,$xc2,$xc3); ++ vmrlf ($xt2,$xc0,$xc1); ++ vmrlf ($xt3,$xc2,$xc3); ++ vpdi ($xc0,$xt0,$xt1,0b0000); ++ vpdi ($xc1,$xt0,$xt1,0b0101); ++ vpdi ($xc2,$xt2,$xt3,0b0000); ++ vpdi ($xc3,$xt2,$xt3,0b0101); ++ ++ vmrhf ($xt0,$xd0,$xd1); ++ vmrhf ($xt1,$xd2,$xd3); ++ vmrlf ($xt2,$xd0,$xd1); ++ vmrlf ($xt3,$xd2,$xd3); ++ vpdi ($xd0,$xt0,$xt1,0b0000); ++ vpdi ($xd1,$xt0,$xt1,0b0101); ++ vpdi ($xd2,$xt2,$xt3,0b0000); ++ vpdi ($xd3,$xt2,$xt3,0b0101); ++ ++ #vrepif ($xt0,4); ++ #vaf ($CTR,$CTR,$xt0); # next counter value ++ ++ vaf ($xa0,$xa0,@K[0]); ++ vaf ($xb0,$xb0,@K[1]); ++ vaf ($xc0,$xc0,@K[2]); ++ vaf ($xd0,$xd0,@K[3]); ++ ++ vperm ($xa0,$xa0,$xa0,$beperm); ++ vperm ($xb0,$xb0,$xb0,$beperm); ++ vperm ($xc0,$xc0,$xc0,$beperm); ++ vperm ($xd0,$xd0,$xd0,$beperm); ++ ++ #&{$z? \&clgfi:\&clfi} ($len,0x40); ++ #jl (".Ltail_4x"); ++ ++ vlm ($xt0,$xt3,"0($inp)"); ++ ++ vx ($xt0,$xt0,$xa0); ++ vx ($xt1,$xt1,$xb0); ++ vx ($xt2,$xt2,$xc0); ++ vx ($xt3,$xt3,$xd0); ++ ++ vstm ($xt0,$xt3,"0($out)"); ++ ++ la ($inp,"0x40($inp)"); ++ la ($out,"0x40($out)"); ++&{$z? \&aghi:\&ahi} ($len,-0x40); ++ #je (".Ldone_4x"); ++ ++ vaf ($xa0,$xa1,@K[0]); ++ vaf ($xb0,$xb1,@K[1]); ++ vaf ($xc0,$xc1,@K[2]); ++ vaf ($xd0,$xd1,@K[3]); ++ ++ vperm ($xa0,$xa0,$xa0,$beperm); ++ vperm ($xb0,$xb0,$xb0,$beperm); ++ vperm ($xc0,$xc0,$xc0,$beperm); ++ vperm ($xd0,$xd0,$xd0,$beperm); ++ ++&{$z? 
\&clgfi:\&clfi} ($len,0x40); ++ jl (".Ltail_4x"); ++ ++ vlm ($xt0,$xt3,"0($inp)"); ++ ++ vx ($xt0,$xt0,$xa0); ++ vx ($xt1,$xt1,$xb0); ++ vx ($xt2,$xt2,$xc0); ++ vx ($xt3,$xt3,$xd0); ++ ++ vstm ($xt0,$xt3,"0($out)"); ++ ++ la ($inp,"0x40($inp)"); ++ la ($out,"0x40($out)"); ++&{$z? \&aghi:\&ahi} ($len,-0x40); ++ je (".Ldone_4x"); ++ ++ vaf ($xa0,$xa2,@K[0]); ++ vaf ($xb0,$xb2,@K[1]); ++ vaf ($xc0,$xc2,@K[2]); ++ vaf ($xd0,$xd2,@K[3]); ++ ++ vperm ($xa0,$xa0,$xa0,$beperm); ++ vperm ($xb0,$xb0,$xb0,$beperm); ++ vperm ($xc0,$xc0,$xc0,$beperm); ++ vperm ($xd0,$xd0,$xd0,$beperm); ++ ++&{$z? \&clgfi:\&clfi} ($len,0x40); ++ jl (".Ltail_4x"); ++ ++ vlm ($xt0,$xt3,"0($inp)"); ++ ++ vx ($xt0,$xt0,$xa0); ++ vx ($xt1,$xt1,$xb0); ++ vx ($xt2,$xt2,$xc0); ++ vx ($xt3,$xt3,$xd0); ++ ++ vstm ($xt0,$xt3,"0($out)"); ++ ++ la ($inp,"0x40($inp)"); ++ la ($out,"0x40($out)"); ++&{$z? \&aghi:\&ahi} ($len,-0x40); ++ je (".Ldone_4x"); ++ ++ vaf ($xa0,$xa3,@K[0]); ++ vaf ($xb0,$xb3,@K[1]); ++ vaf ($xc0,$xc3,@K[2]); ++ vaf ($xd0,$xd3,@K[3]); ++ ++ vperm ($xa0,$xa0,$xa0,$beperm); ++ vperm ($xb0,$xb0,$xb0,$beperm); ++ vperm ($xc0,$xc0,$xc0,$beperm); ++ vperm ($xd0,$xd0,$xd0,$beperm); ++ ++&{$z? \&clgfi:\&clfi} ($len,0x40); ++ jl (".Ltail_4x"); ++ ++ vlm ($xt0,$xt3,"0($inp)"); ++ ++ vx ($xt0,$xt0,$xa0); ++ vx ($xt1,$xt1,$xb0); ++ vx ($xt2,$xt2,$xc0); ++ vx ($xt3,$xt3,$xd0); ++ ++ vstm ($xt0,$xt3,"0($out)"); ++ ++ #la $inp,0x40($inp)); ++ #la $out,0x40($out)); ++ #lhi %r0,10); ++ #&{$z? \&aghi:\&ahi} $len,-0x40); ++ #jne .Loop_outer_4x); ++ ++LABEL (".Ldone_4x"); ++if (!$z) { ++ ld ("%f4","$FRAME+16*$SIZE_T+2*8($sp)"); ++ ld ("%f6","$FRAME+16*$SIZE_T+3*8($sp)"); ++} else { ++ ld ("%f8","$stdframe+8*0($sp)"); ++ ld ("%f9","$stdframe+8*1($sp)"); ++ ld ("%f10","$stdframe+8*2($sp)"); ++ ld ("%f11","$stdframe+8*3($sp)"); ++ ld ("%f12","$stdframe+8*4($sp)"); ++ ld ("%f13","$stdframe+8*5($sp)"); ++ ld ("%f14","$stdframe+8*6($sp)"); ++ ld ("%f15","$stdframe+8*7($sp)"); ++} ++&{$z? 
\&lmg:\&lm} ("%r6","%r7","$FRAME+6*$SIZE_T($sp)"); ++ la ($sp,"$FRAME($sp)"); ++ br ("%r14"); ++ ++ALIGN (16); ++LABEL (".Ltail_4x"); ++if (!$z) { ++ vlr ($xt0,$xb0); ++ ld ("%f4","$FRAME+16*$SIZE_T+2*8($sp)"); ++ ld ("%f6","$FRAME+16*$SIZE_T+3*8($sp)"); ++ ++ vst ($xa0,"$stdframe+0x00($sp)"); ++ vst ($xt0,"$stdframe+0x10($sp)"); ++ vst ($xc0,"$stdframe+0x20($sp)"); ++ vst ($xd0,"$stdframe+0x30($sp)"); ++} else { ++ vlr ($xt0,$xc0); ++ ld ("%f8","$stdframe+8*0($sp)"); ++ ld ("%f9","$stdframe+8*1($sp)"); ++ ld ("%f10","$stdframe+8*2($sp)"); ++ ld ("%f11","$stdframe+8*3($sp)"); ++ vlr ($xt1,$xd0); ++ ld ("%f12","$stdframe+8*4($sp)"); ++ ld ("%f13","$stdframe+8*5($sp)"); ++ ld ("%f14","$stdframe+8*6($sp)"); ++ ld ("%f15","$stdframe+8*7($sp)"); ++ ++ vst ($xa0,"$stdframe+0x00($sp)"); ++ vst ($xb0,"$stdframe+0x10($sp)"); ++ vst ($xt0,"$stdframe+0x20($sp)"); ++ vst ($xt1,"$stdframe+0x30($sp)"); + } ++ lghi ("%r1",0); ++ ++LABEL (".Loop_tail_4x"); ++ llgc ("%r5","0(%r1,$inp)"); ++ llgc ("%r6","$stdframe(%r1,$sp)"); ++ xr ("%r6","%r5"); ++ stc ("%r6","0(%r1,$out)"); ++ la ("%r1","1(%r1)"); ++ brct ($len,".Loop_tail_4x"); ++ ++&{$z? \&lmg:\&lm} ("%r6","%r7","$FRAME+6*$SIZE_T($sp)"); ++ la ($sp,"$FRAME($sp)"); ++ br ("%r14"); ++SIZE ("ChaCha20_ctr32_4x",".-ChaCha20_ctr32_4x"); ++} ++ ++######################################################################## ++# 6x"horizontal" layout is optimal fit for the platform in its current ++# shape, more specifically for given vector instructions' latency. Well, ++# computational part of 8x"vertical" would be faster, but it consumes ++# all registers and dealing with that will diminish the return... 
++# ++{ ++my ($a0,$b0,$c0,$d0, $a1,$b1,$c1,$d1, ++ $a2,$b2,$c2,$d2, $a3,$b3,$c3,$d3, ++ $a4,$b4,$c4,$d4, $a5,$b5,$c5,$d5)=map("%v$_",(0..23)); ++my @K=map("%v$_",(27,24..26)); ++my ($t0,$t1,$t2,$t3)=map("%v$_",27..30); ++my $beperm="%v31"; ++my $FRAME=$stdframe + 4*16; ++ ++GLOBL ("ChaCha20_ctr32_vx"); ++ALIGN (32); ++LABEL ("ChaCha20_ctr32_vx"); ++LABEL (".LChaCha20_ctr32_vx"); ++&{$z? \&clgfi:\&clfi} ($len,256); ++ jle (".LChaCha20_ctr32_4x"); ++&{$z? \&stmg:\&stm} ("%r6","%r7","6*$SIZE_T($sp)"); ++if (!$z) { ++ std ("%f4","16*$SIZE_T+2*8($sp)"); ++ std ("%f6","16*$SIZE_T+3*8($sp)"); ++} ++&{$z? \&lghi:\&lhi} ("%r1",-$FRAME); ++ lgr ("%r0",$sp); ++ la ($sp,"0(%r1,$sp)"); ++&{$z? \&stg:\&st} ("%r0","0($sp)"); # back-chain ++if ($z) { ++ std ("%f8","$FRAME-8*8($sp)"); ++ std ("%f9","$FRAME-8*7($sp)"); ++ std ("%f10","$FRAME-8*6($sp)"); ++ std ("%f11","$FRAME-8*5($sp)"); ++ std ("%f12","$FRAME-8*4($sp)"); ++ std ("%f13","$FRAME-8*3($sp)"); ++ std ("%f14","$FRAME-8*2($sp)"); ++ std ("%f15","$FRAME-8*1($sp)"); ++} ++ larl ("%r7",".Lsigma"); ++ lhi ("%r0",10); ++ ++ vlm (@K[1],@K[2],"0($key)"); # load key ++ vl (@K[3],"0($counter)"); # load counter ++ ++ vlm (@K[0],"$beperm","0(%r7)"); # load sigma, increments, ... 
++ ++LABEL (".Loop_outer_vx"); ++ vlr ($a0,@K[0]); ++ vlr ($b0,@K[1]); ++ vlr ($a1,@K[0]); ++ vlr ($b1,@K[1]); ++ vlr ($a2,@K[0]); ++ vlr ($b2,@K[1]); ++ vlr ($a3,@K[0]); ++ vlr ($b3,@K[1]); ++ vlr ($a4,@K[0]); ++ vlr ($b4,@K[1]); ++ vlr ($a5,@K[0]); ++ vlr ($b5,@K[1]); ++ ++ vlr ($d0,@K[3]); ++ vaf ($d1,@K[3],$t1); # K[3]+1 ++ vaf ($d2,@K[3],$t2); # K[3]+2 ++ vaf ($d3,@K[3],$t3); # K[3]+3 ++ vaf ($d4,$d2,$t2); # K[3]+4 ++ vaf ($d5,$d2,$t3); # K[3]+5 ++ ++ vlr ($c0,@K[2]); ++ vlr ($c1,@K[2]); ++ vlr ($c2,@K[2]); ++ vlr ($c3,@K[2]); ++ vlr ($c4,@K[2]); ++ vlr ($c5,@K[2]); ++ ++ vlr ($t1,$d1); ++ vlr ($t2,$d2); ++ vlr ($t3,$d3); ++ ++ALIGN (4); ++LABEL (".Loop_vx"); ++ ++ VX_ROUND($a0,$a1,$a2,$a3,$a4,$a5, ++ $b0,$b1,$b2,$b3,$b4,$b5, ++ $c0,$c1,$c2,$c3,$c4,$c5, ++ $d0,$d1,$d2,$d3,$d4,$d5, ++ 0); ++ ++ VX_ROUND($a0,$a1,$a2,$a3,$a4,$a5, ++ $b0,$b1,$b2,$b3,$b4,$b5, ++ $c0,$c1,$c2,$c3,$c4,$c5, ++ $d0,$d1,$d2,$d3,$d4,$d5, ++ 1); ++ ++ brct ("%r0",".Loop_vx"); ++ ++ vaf ($a0,$a0,@K[0]); ++ vaf ($b0,$b0,@K[1]); ++ vaf ($c0,$c0,@K[2]); ++ vaf ($d0,$d0,@K[3]); ++ vaf ($a1,$a1,@K[0]); ++ vaf ($d1,$d1,$t1); # +K[3]+1 ++ ++ vperm ($a0,$a0,$a0,$beperm); ++ vperm ($b0,$b0,$b0,$beperm); ++ vperm ($c0,$c0,$c0,$beperm); ++ vperm ($d0,$d0,$d0,$beperm); ++ ++&{$z? \&clgfi:\&clfi} ($len,0x40); ++ jl (".Ltail_vx"); ++ ++ vaf ($d2,$d2,$t2); # +K[3]+2 ++ vaf ($d3,$d3,$t3); # +K[3]+3 ++ vlm ($t0,$t3,"0($inp)"); ++ ++ vx ($a0,$a0,$t0); ++ vx ($b0,$b0,$t1); ++ vx ($c0,$c0,$t2); ++ vx ($d0,$d0,$t3); ++ ++ vlm (@K[0],$t3,"0(%r7)"); # re-load sigma and increments ++ ++ vstm ($a0,$d0,"0($out)"); ++ ++ la ($inp,"0x40($inp)"); ++ la ($out,"0x40($out)"); ++&{$z? \&aghi:\&ahi} ($len,-0x40); ++ je (".Ldone_vx"); ++ ++ vaf ($b1,$b1,@K[1]); ++ vaf ($c1,$c1,@K[2]); ++ ++ vperm ($a0,$a1,$a1,$beperm); ++ vperm ($b0,$b1,$b1,$beperm); ++ vperm ($c0,$c1,$c1,$beperm); ++ vperm ($d0,$d1,$d1,$beperm); ++ ++&{$z? 
\&clgfi:\&clfi} ($len,0x40); ++ jl (".Ltail_vx"); ++ ++ vlm ($a1,$d1,"0($inp)"); ++ ++ vx ($a0,$a0,$a1); ++ vx ($b0,$b0,$b1); ++ vx ($c0,$c0,$c1); ++ vx ($d0,$d0,$d1); ++ ++ vstm ($a0,$d0,"0($out)"); ++ ++ la ($inp,"0x40($inp)"); ++ la ($out,"0x40($out)"); ++&{$z? \&aghi:\&ahi} ($len,-0x40); ++ je (".Ldone_vx"); ++ ++ vaf ($a2,$a2,@K[0]); ++ vaf ($b2,$b2,@K[1]); ++ vaf ($c2,$c2,@K[2]); ++ ++ vperm ($a0,$a2,$a2,$beperm); ++ vperm ($b0,$b2,$b2,$beperm); ++ vperm ($c0,$c2,$c2,$beperm); ++ vperm ($d0,$d2,$d2,$beperm); ++ ++&{$z? \&clgfi:\&clfi} ($len,0x40); ++ jl (".Ltail_vx"); ++ ++ vlm ($a1,$d1,"0($inp)"); ++ ++ vx ($a0,$a0,$a1); ++ vx ($b0,$b0,$b1); ++ vx ($c0,$c0,$c1); ++ vx ($d0,$d0,$d1); ++ ++ vstm ($a0,$d0,"0($out)"); ++ ++ la ($inp,"0x40($inp)"); ++ la ($out,"0x40($out)"); ++&{$z? \&aghi:\&ahi} ($len,-0x40); ++ je (".Ldone_vx"); ++ ++ vaf ($a3,$a3,@K[0]); ++ vaf ($b3,$b3,@K[1]); ++ vaf ($c3,$c3,@K[2]); ++ vaf ($d2,@K[3],$t3); # K[3]+3 ++ ++ vperm ($a0,$a3,$a3,$beperm); ++ vperm ($b0,$b3,$b3,$beperm); ++ vperm ($c0,$c3,$c3,$beperm); ++ vperm ($d0,$d3,$d3,$beperm); ++ ++&{$z? \&clgfi:\&clfi} ($len,0x40); ++ jl (".Ltail_vx"); ++ ++ vaf ($d3,$d2,$t1); # K[3]+4 ++ vlm ($a1,$d1,"0($inp)"); ++ ++ vx ($a0,$a0,$a1); ++ vx ($b0,$b0,$b1); ++ vx ($c0,$c0,$c1); ++ vx ($d0,$d0,$d1); ++ ++ vstm ($a0,$d0,"0($out)"); ++ ++ la ($inp,"0x40($inp)"); ++ la ($out,"0x40($out)"); ++&{$z? \&aghi:\&ahi} ($len,-0x40); ++ je (".Ldone_vx"); ++ ++ vaf ($a4,$a4,@K[0]); ++ vaf ($b4,$b4,@K[1]); ++ vaf ($c4,$c4,@K[2]); ++ vaf ($d4,$d4,$d3); # +K[3]+4 ++ vaf ($d3,$d3,$t1); # K[3]+5 ++ vaf (@K[3],$d2,$t3); # K[3]+=6 ++ ++ vperm ($a0,$a4,$a4,$beperm); ++ vperm ($b0,$b4,$b4,$beperm); ++ vperm ($c0,$c4,$c4,$beperm); ++ vperm ($d0,$d4,$d4,$beperm); ++ ++&{$z? 
\&clgfi:\&clfi} ($len,0x40); ++ jl (".Ltail_vx"); ++ ++ vlm ($a1,$d1,"0($inp)"); ++ ++ vx ($a0,$a0,$a1); ++ vx ($b0,$b0,$b1); ++ vx ($c0,$c0,$c1); ++ vx ($d0,$d0,$d1); ++ ++ vstm ($a0,$d0,"0($out)"); ++ ++ la ($inp,"0x40($inp)"); ++ la ($out,"0x40($out)"); ++&{$z? \&aghi:\&ahi} ($len,-0x40); ++ je (".Ldone_vx"); ++ ++ vaf ($a5,$a5,@K[0]); ++ vaf ($b5,$b5,@K[1]); ++ vaf ($c5,$c5,@K[2]); ++ vaf ($d5,$d5,$d3); # +K[3]+5 ++ ++ vperm ($a0,$a5,$a5,$beperm); ++ vperm ($b0,$b5,$b5,$beperm); ++ vperm ($c0,$c5,$c5,$beperm); ++ vperm ($d0,$d5,$d5,$beperm); ++ ++&{$z? \&clgfi:\&clfi} ($len,0x40); ++ jl (".Ltail_vx"); ++ ++ vlm ($a1,$d1,"0($inp)"); ++ ++ vx ($a0,$a0,$a1); ++ vx ($b0,$b0,$b1); ++ vx ($c0,$c0,$c1); ++ vx ($d0,$d0,$d1); ++ ++ vstm ($a0,$d0,"0($out)"); ++ ++ la ($inp,"0x40($inp)"); ++ la ($out,"0x40($out)"); ++ lhi ("%r0",10); ++&{$z? \&aghi:\&ahi} ($len,-0x40); ++ jne (".Loop_outer_vx"); ++ ++LABEL (".Ldone_vx"); ++if (!$z) { ++ ld ("%f4","$FRAME+16*$SIZE_T+2*8($sp)"); ++ ld ("%f6","$FRAME+16*$SIZE_T+3*8($sp)"); ++} else { ++ ld ("%f8","$FRAME-8*8($sp)"); ++ ld ("%f9","$FRAME-8*7($sp)"); ++ ld ("%f10","$FRAME-8*6($sp)"); ++ ld ("%f11","$FRAME-8*5($sp)"); ++ ld ("%f12","$FRAME-8*4($sp)"); ++ ld ("%f13","$FRAME-8*3($sp)"); ++ ld ("%f14","$FRAME-8*2($sp)"); ++ ld ("%f15","$FRAME-8*1($sp)"); ++} ++&{$z? 
\&lmg:\&lm} ("%r6","%r7","$FRAME+6*$SIZE_T($sp)");
++ la ($sp,"$FRAME($sp)");
++ br ("%r14");
++
++ALIGN (16);
++LABEL (".Ltail_vx");
++if (!$z) {
++ ld ("%f4","$FRAME+16*$SIZE_T+2*8($sp)");
++ ld ("%f6","$FRAME+16*$SIZE_T+3*8($sp)");
++} else {
++ ld ("%f8","$FRAME-8*8($sp)");
++ ld ("%f9","$FRAME-8*7($sp)");
++ ld ("%f10","$FRAME-8*6($sp)");
++ ld ("%f11","$FRAME-8*5($sp)");
++ ld ("%f12","$FRAME-8*4($sp)");
++ ld ("%f13","$FRAME-8*3($sp)");
++ ld ("%f14","$FRAME-8*2($sp)");
++ ld ("%f15","$FRAME-8*1($sp)");
++}
++ vstm ($a0,$d0,"$stdframe($sp)");
++ lghi ("%r1",0);
++
++LABEL (".Loop_tail_vx");
++ llgc ("%r5","0(%r1,$inp)");
++ llgc ("%r6","$stdframe(%r1,$sp)");
++ xr ("%r6","%r5");
++ stc ("%r6","0(%r1,$out)");
++ la ("%r1","1(%r1)");
++ brct ($len,".Loop_tail_vx");
++
++&{$z? \&lmg:\&lm} ("%r6","%r7","$FRAME+6*$SIZE_T($sp)");
++ la ($sp,"$FRAME($sp)");
++ br ("%r14");
++SIZE ("ChaCha20_ctr32_vx",".-ChaCha20_ctr32_vx");
+ }
+ ################
+
+-ALIGN (64);
++ALIGN (32);
+ LABEL (".Lsigma");
+ LONG (0x61707865,0x3320646e,0x79622d32,0x6b206574); # endian-neutral sigma
+-LONG (0x00000000,0x00000001,0x00000002,0x00000003); # vaf counter increment
+-LONG (0x03020100,0x07060504,0x13121110,0x17161514); # vperm serialization
+-LONG (0x0b0a0908,0x0f0e0d0c,0x1b1a1918,0x1f1e1d1c); # vperm serialization
++LONG (1,0,0,0);
++LONG (2,0,0,0);
++LONG (3,0,0,0);
++LONG (0x03020100,0x07060504,0x0b0a0908,0x0f0e0d0c); # byte swap
++
++LONG (0,1,2,3);
++LONG (0x61707865,0x61707865,0x61707865,0x61707865); # smashed sigma
++LONG (0x3320646e,0x3320646e,0x3320646e,0x3320646e);
++LONG (0x79622d32,0x79622d32,0x79622d32,0x79622d32);
++LONG (0x6b206574,0x6b206574,0x6b206574,0x6b206574);
++
+ ASCIZ ("\"ChaCha20 for s390x, CRYPTOGAMS by \"");
+ ALIGN (4);
+
+--
+2.25.1
+
diff -Nru openssl-1.1.1l/debian/patches/0008-s390x-assembly-pack-import-poly-from-cryptogams-repo.patch openssl-1.1.1l/debian/patches/0008-s390x-assembly-pack-import-poly-from-cryptogams-repo.patch
--- openssl-1.1.1l/debian/patches/0008-s390x-assembly-pack-import-poly-from-cryptogams-repo.patch 1970-01-01 01:00:00.000000000 +0100
+++ openssl-1.1.1l/debian/patches/0008-s390x-assembly-pack-import-poly-from-cryptogams-repo.patch 2021-02-23 22:43:42.000000000 +0100
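Review bot: In 0007-s390x-assembly-pack-import-chacha-from-cryptogams-re.patch, the new `.Ltail_4x` and `.Ltail_vx` paths store the last keystream block at `$stdframe($sp)` for the byte-wise XOR loop and then release the frame without clearing it, so unused keystream bytes stay in dead stack memory after `ChaCha20_ctr32` returns. The 4x code removed by the same patch zeroed its registers and stack copy on exit (`vzero ("%v$_") for (16..31); # wipe ks and key copy`), and none of the new exits has an equivalent. I would clear the scratch area after the `brct` in both tail loops, e.g. `vzero ("%v$_") for (0..3);` then `vstm ("%v0","%v3","$stdframe($sp)");`, and also consider zeroing the `@K` registers that hold the key before each `br ("%r14")`. This is upstream code carried as a delta, so the change is probably best raised upstream; whether the omission was deliberate is not visible here.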
@@ -0,0 +1,1637 @@
+From 31a8b6f64e544720e572599a14c074261d0329de Mon Sep 17 00:00:00 2001
+From: Patrick Steuer
+Date: Sat, 23 Mar 2019 00:03:24 +0100
+Subject: [PATCH 08/25] s390x assembly pack: import poly from cryptogams repo
+
+>=20% faster than present code.
+
+Signed-off-by: Patrick Steuer
+
+Reviewed-by: Matt Caswell
+Reviewed-by: Richard Levitte
+(Merged from https://github.com/openssl/openssl/pull/8560)
+
+(cherry picked from commit 2e6b615f795e8ca8ae830a00079c4ea064eaae42)
+---
+ crypto/poly1305/asm/poly1305-s390x.pl | 1455 ++++++++++++++-----------
+ crypto/poly1305/build.info | 1 +
+ 2 files changed, 799 insertions(+), 657 deletions(-)
+
+diff --git a/crypto/poly1305/asm/poly1305-s390x.pl b/crypto/poly1305/asm/poly1305-s390x.pl
+index 9a545a694e..5ee527a47b 100755
+--- a/crypto/poly1305/asm/poly1305-s390x.pl
++++ b/crypto/poly1305/asm/poly1305-s390x.pl
+@@ -32,10 +32,20 @@
+ # Copyright IBM Corp. 2019
+ # Author: Patrick Steuer
+
++#
++# January 2019
++#
++# Add vector base 2^26 implementation. It's problematic to accurately
++# measure performance, because reference system is hardly idle. But
++# it's sub-cycle, i.e. less than 1 cycle per processed byte, and it's
++# >=20% faster than IBM's submission on long inputs, and much faster on
++# short ones, because calculation of key powers is postponed till we
++# know that input is long enough to justify the additional overhead.
++ + use strict; + use FindBin qw($Bin); + use lib "$Bin/../.."; +-use perlasm::s390x qw(:DEFAULT :VX AUTOLOAD LABEL); ++use perlasm::s390x qw(:DEFAULT :VX AUTOLOAD LABEL INCLUDE); + + my $flavour = shift; + +@@ -51,666 +61,98 @@ if ($flavour =~ /3[12]/) { + my $output; + while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} + ++my $stdframe=16*$SIZE_T+4*8; + my $sp="%r15"; + +-# novx code path ctx layout +-# --------------------------------- +-# var value base off +-# --------------------------------- +-# u64 h[3] hash 2^64 0 +-# u32 pad[2] +-# u64 r[2] key 2^64 32 +- +-# vx code path ctx layout +-# --------------------------------- +-# var value base off +-# --------------------------------- +-# u32 acc1[5] r^2-acc 2^26 0 +-# u32 pad +-# u32 acc2[5] r-acc 2^26 24 +-# u32 pad +-# u32 r1[5] r 2^26 48 +-# u32 r15[5] 5*r 2^26 68 +-# u32 r2[5] r^2 2^26 88 +-# u32 r25[5] 5*r^2 2^26 108 +-# u32 r4[5] r^4 2^26 128 +-# u32 r45[5] 5*r^4 2^26 148 ++my ($ctx,$inp,$len,$padbit) = map("%r$_",(2..5)); + + PERLASM_BEGIN($output); + ++INCLUDE ("s390x_arch.h"); + TEXT (); + + ################ + # static void poly1305_init(void *ctx, const unsigned char key[16]) + { +-my ($ctx,$key)=map("%r$_",(2..3)); +-my ($r0,$r1,$r2)=map("%r$_",(9,11,13)); +- +-sub MUL_RKEY { # r*=key +-my ($d0hi,$d0lo,$d1hi,$d1lo)=map("%r$_",(4..7)); +-my ($t0,$t1,$s1)=map("%r$_",(8,10,12)); +- +- lg ("%r0","32($ctx)"); +- lg ("%r1","40($ctx)"); +- +- srlg ($s1,"%r1",2); +- algr ($s1,"%r1"); +- +- lgr ($d0lo,$r0); +- lgr ($d1lo,$r1); +- +- mlgr ($d0hi,"%r0"); +- lgr ($r1,$d1lo); +- mlgr ($d1hi,$s1); +- +- mlgr ($t0,"%r1"); +- mlgr ($t1,"%r0"); +- +- algr ($d0lo,$d1lo); +- lgr ($d1lo,$r2); +- alcgr ($d0hi,$d1hi); +- lghi ($d1hi,0); +- +- algr ($r1,$r0); +- alcgr ($t1,$t0); +- +- msgr ($d1lo,$s1); +- msgr ($r2,"%r0"); +- +- algr ($r1,$d1lo); +- alcgr ($t1,$d1hi); +- +- algr ($r1,$d0hi); +- alcgr ($r2,$t1); +- +- lghi ($r0,-4); +- ngr ($r0,$r2); +- srlg ($t0,$r2,2); +- algr ($r0,$t0); +- lghi ($t1,3); +- ngr 
($r2,$t1); +- +- algr ($r0,$d0lo); +- alcgr ($r1,$d1hi); +- alcgr ($r2,$d1hi); +-} +- +-sub ST_R5R { # store r,5*r -> base 2^26 +-my @d=map("%r$_",(4..8)); +-my @off=@_; +- +- lgr (@d[2],$r0); +- lr ("%r1",@d[2]); +- nilh ("%r1",1023); +- lgr (@d[3],$r1); +- lr (@d[0],"%r1"); +- srlg ("%r1",@d[2],52); +- lgr (@d[4],$r2); +- srlg ("%r0",@d[2],26); +- sll (@d[4],24); +- lr (@d[2],@d[3]); +- nilh ("%r0",1023); +- sll (@d[2],12); +- lr (@d[1],"%r0"); +- &or (@d[2],"%r1"); +- srlg ("%r1",@d[3],40); +- nilh (@d[2],1023); +- &or (@d[4],"%r1"); +- srlg (@d[3],@d[3],14); +- nilh (@d[4],1023); +- nilh (@d[3],1023); +- +- stm (@d[0],@d[4],"@off[0]($ctx)"); +- mhi (@d[$_],5) for (0..4); +- stm (@d[0],@d[4],"@off[1]($ctx)"); +-} +- + GLOBL ("poly1305_init"); + TYPE ("poly1305_init","\@function"); + ALIGN (16); + LABEL ("poly1305_init"); + lghi ("%r0",0); + lghi ("%r1",-1); +- stg ("%r0","0($ctx)"); # zero hash value / acc1 ++ stg ("%r0","0($ctx)"); # zero hash value + stg ("%r0","8($ctx)"); + stg ("%r0","16($ctx)"); ++ st ("%r0","24($ctx)"); # clear is_base2_26 ++ lgr ("%r5",$ctx); # reassign $ctx ++ lghi ("%r2",0); + +-&{$z? \&clgr:\&clr} ($key,"%r0"); +- je (".Ldone"); ++&{$z? 
\&clgr:\&clr} ($inp,"%r0"); ++ je (".Lno_key"); + +- lrvg ("%r4","0($key)"); # load little-endian key +- lrvg ("%r5","8($key)"); ++ lrvg ("%r2","0($inp)"); # load little-endian key ++ lrvg ("%r3","8($inp)"); + +- nihl ("%r1",0xffc0); # 0xffffffc0ffffffff +- srlg ("%r0","%r1",4); # 0x0ffffffc0fffffff ++ nihl ("%r1",0xffc0); # 0xffffffc0ffffffff ++ srlg ("%r0","%r1",4); # 0x0ffffffc0fffffff + srlg ("%r1","%r1",4); +- nill ("%r1",0xfffc); # 0x0ffffffc0ffffffc ++ nill ("%r1",0xfffc); # 0x0ffffffc0ffffffc + +- ngr ("%r4","%r0"); +- ngr ("%r5","%r1"); ++ ngr ("%r2","%r0"); ++ ngr ("%r3","%r1"); + +- stg ("%r4","32($ctx)"); +- stg ("%r5","40($ctx)"); ++ stmg ("%r2","%r3","32(%r5)"); + + larl ("%r1","OPENSSL_s390xcap_P"); + lg ("%r0","16(%r1)"); +- tmhh ("%r0",0x4000); # check for vector facility +- jz (".Ldone"); +- +- larl ("%r4","poly1305_blocks_vx"); +- larl ("%r5","poly1305_emit_vx"); +- +-&{$z? \&stmg:\&stm} ("%r6","%r13","6*$SIZE_T($sp)"); +-&{$z? \&stmg:\&stm} ("%r4","%r5","4*$z+228($ctx)"); +- +- lg ($r0,"32($ctx)"); +- lg ($r1,"40($ctx)"); +- lghi ($r2,0); +- +- ST_R5R (48,68); # store r,5*r +- +- MUL_RKEY(); +- ST_R5R (88,108); # store r^2,5*r^2 +- +- MUL_RKEY(); +- MUL_RKEY(); +- ST_R5R (128,148); # store r^4,5*r^4 +- +- lghi ("%r0",0); +- stg ("%r0","24($ctx)"); # zero acc2 +- stg ("%r0","32($ctx)"); +- stg ("%r0","40($ctx)"); +- +-&{$z? \&lmg:\&lm} ("%r6","%r13","6*$SIZE_T($sp)"); ++ srlg ("%r0","%r0",62); ++ nill ("%r0",1); # extract vx bit ++ lcgr ("%r0","%r0"); ++ larl ("%r1",".Lpoly1305_blocks"); ++ larl ("%r2",".Lpoly1305_blocks_vx"); ++ larl ("%r3",".Lpoly1305_emit"); ++&{$z? \&xgr:\&xr} ("%r2","%r1"); # select between scalar and vector ++&{$z? \&ngr:\&nr} ("%r2","%r0"); ++&{$z? \&xgr:\&xr} ("%r2","%r1"); ++&{$z? 
\&stmg:\&stm} ("%r2","%r3","0(%r4)"); + lghi ("%r2",1); +- br ("%r14"); +- +-LABEL (".Ldone"); +- lghi ("%r2",0); ++LABEL (".Lno_key"); + br ("%r14"); + SIZE ("poly1305_init",".-poly1305_init"); + } + +-# VX CODE PATH +-{ +-my $frame=8*16; +-my @m01=map("%v$_",(0..4)); +-my @m23=map("%v$_",(5..9)); +-my @tmp=@m23; +-my @acc=map("%v$_",(10..14)); +-my @r=map("%v$_",(15..19)); +-my @r5=map("%v$_",(20..24)); +-my $padvec="%v26"; +-my $mask4="%v27"; +-my @vperm=map("%v$_",(28..30)); +-my $mask="%v31"; +- +-sub REDUCE { +- vesrlg (@tmp[0],@acc[0],26); +- vesrlg (@tmp[3],@acc[3],26); +- vn (@acc[0],@acc[0],$mask); +- vn (@acc[3],@acc[3],$mask); +- vag (@acc[1],@acc[1],@tmp[0]); # carry 0->1 +- vag (@acc[4],@acc[4],@tmp[3]); # carry 3->4 +- +- vesrlg (@tmp[1],@acc[1],26); +- vesrlg (@tmp[4],@acc[4],26); +- vn (@acc[1],@acc[1],$mask); +- vn (@acc[4],@acc[4],$mask); +- veslg (@tmp[0],@tmp[4],2); +- vag (@tmp[4],@tmp[4],@tmp[0]); # h[4]*=5 +- vag (@acc[2],@acc[2],@tmp[1]); # carry 1->2 +- vag (@acc[0],@acc[0],@tmp[4]); # carry 4->0 +- +- vesrlg (@tmp[2],@acc[2],26); +- vesrlg (@tmp[0],@acc[0],26); +- vn (@acc[2],@acc[2],$mask); +- vn (@acc[0],@acc[0],$mask); +- vag (@acc[3],@acc[3],@tmp[2]); # carry 2->3 +- vag (@acc[1],@acc[1],@tmp[0]); # carry 0->1 +- +- vesrlg (@tmp[3],@acc[3],26); +- vn (@acc[3],@acc[3],$mask); +- vag (@acc[4],@acc[4],@tmp[3]); # carry 3->4 +-} +- + ################ +-# static void poly1305_blocks_vx(void *ctx, const unsigned char *inp, +-# size_t len, u32 padbit) ++# static void poly1305_blocks(void *ctx, const unsigned char *inp, ++# size_t len, u32 padbit) + { +-my ($ctx,$inp,$len) = map("%r$_",(2..4)); +-my $padbit="%r0"; +- +-GLOBL ("poly1305_blocks_vx"); +-TYPE ("poly1305_blocks_vx","\@function"); +-ALIGN (16); +-LABEL ("poly1305_blocks_vx"); +-if ($z) { +- aghi ($sp,-$frame); +- vstm ("%v8","%v15","0($sp)"); +-} else { +- std ("%f4","16*$SIZE_T+2*8($sp)"); +- std ("%f6","16*$SIZE_T+3*8($sp)"); +- llgfr ($len,$len); +-} +- llgfr ($padbit,"%r5"); +- 
vlef (@acc[$_],"4*$_($ctx)",1) for (0..4); # load acc1 +- larl ("%r5",".Lconst"); +- vlef (@acc[$_],"24+4*$_($ctx)",3) for (0..4); # load acc2 +- sllg ($padbit,$padbit,24); +- vlm (@vperm[0],$mask,"0(%r5)"); # load vperm ops, mask +- vgbm ($mask4,0x0707); +- vlvgp ($padvec,$padbit,$padbit); +- +- srlg ("%r1",$len,6); +- ltgr ("%r1","%r1"); +- jz (".Lvx_4x_done"); +- +-ALIGN (16); +-LABEL (".Lvx_4x"); +- vlm ("%v20","%v23","0($inp)"); # load m0,m1,m2,m3 +- +- # m01,m23 -> base 2^26 +- +- vperm (@m01[0],"%v20","%v21",@vperm[0]); +- vperm (@m23[0],"%v22","%v23",@vperm[0]); +- vperm (@m01[2],"%v20","%v21",@vperm[1]); +- vperm (@m23[2],"%v22","%v23",@vperm[1]); +- vperm (@m01[4],"%v20","%v21",@vperm[2]); +- vperm (@m23[4],"%v22","%v23",@vperm[2]); +- +- vesrlg (@m01[1],@m01[0],26); +- vesrlg (@m23[1],@m23[0],26); +- vesrlg (@m01[3],@m01[2],30); +- vesrlg (@m23[3],@m23[2],30); +- vesrlg (@m01[2],@m01[2],4); +- vesrlg (@m23[2],@m23[2],4); +- +- vn (@m01[4],@m01[4],$mask4); +- vn (@m23[4],@m23[4],$mask4); +-for (0..3) { +- vn (@m01[$_],@m01[$_],$mask); +- vn (@m23[$_],@m23[$_],$mask); +-} +- vaf (@m01[4],@m01[4],$padvec); # pad m01 +- vaf (@m23[4],@m23[4],$padvec); # pad m23 +- +- # acc = acc * r^4 + m01 * r^2 + m23 +- +- vlrepf (@r5[$_],"4*$_+108($ctx)") for (0..4); # load 5*r^2 +- vlrepf (@r[$_],"4*$_+88($ctx)") for (0..4); # load r^2 +- +- vmalof (@tmp[0],@m01[4],@r5[1],@m23[0]); +- vmalof (@tmp[1],@m01[4],@r5[2],@m23[1]); +- vmalof (@tmp[2],@m01[4],@r5[3],@m23[2]); +- vmalof (@tmp[3],@m01[4],@r5[4],@m23[3]); +- vmalof (@tmp[4],@m01[4],@r[0],@m23[4]); +- +- vmalof (@tmp[0],@m01[3],@r5[2],@tmp[0]); +- vmalof (@tmp[1],@m01[3],@r5[3],@tmp[1]); +- vmalof (@tmp[2],@m01[3],@r5[4],@tmp[2]); +- vmalof (@tmp[3],@m01[3],@r[0],@tmp[3]); +- vmalof (@tmp[4],@m01[3],@r[1],@tmp[4]); +- +- vmalof (@tmp[0],@m01[2],@r5[3],@tmp[0]); +- vmalof (@tmp[1],@m01[2],@r5[4],@tmp[1]); +- vmalof (@tmp[2],@m01[2],@r[0],@tmp[2]); +- vmalof (@tmp[3],@m01[2],@r[1],@tmp[3]); +- vmalof 
(@tmp[4],@m01[2],@r[2],@tmp[4]); +- +- vmalof (@tmp[0],@m01[1],@r5[4],@tmp[0]); +- vmalof (@tmp[1],@m01[1],@r[0],@tmp[1]); +- vmalof (@tmp[2],@m01[1],@r[1],@tmp[2]); +- vmalof (@tmp[3],@m01[1],@r[2],@tmp[3]); +- vmalof (@tmp[4],@m01[1],@r[3],@tmp[4]); +- +- vmalof (@tmp[0],@m01[0],@r[0],@tmp[0]); +- vmalof (@tmp[1],@m01[0],@r[1],@tmp[1]); +- vmalof (@tmp[2],@m01[0],@r[2],@tmp[2]); +- vmalof (@tmp[3],@m01[0],@r[3],@tmp[3]); +- vmalof (@tmp[4],@m01[0],@r[4],@tmp[4]); +- +- vlrepf (@r5[$_],"4*$_+148($ctx)") for (0..4); # load 5*r^4 +- vlrepf (@r[$_],"4*$_+128($ctx)") for (0..4); # load r^4 +- +- vmalof (@tmp[0],@acc[4],@r5[1],@tmp[0]); +- vmalof (@tmp[1],@acc[4],@r5[2],@tmp[1]); +- vmalof (@tmp[2],@acc[4],@r5[3],@tmp[2]); +- vmalof (@tmp[3],@acc[4],@r5[4],@tmp[3]); +- vmalof (@tmp[4],@acc[4],@r[0],@tmp[4]); +- +- vmalof (@tmp[0],@acc[3],@r5[2],@tmp[0]); +- vmalof (@tmp[1],@acc[3],@r5[3],@tmp[1]); +- vmalof (@tmp[2],@acc[3],@r5[4],@tmp[2]); +- vmalof (@tmp[3],@acc[3],@r[0],@tmp[3]); +- vmalof (@tmp[4],@acc[3],@r[1],@tmp[4]); +- +- vmalof (@tmp[0],@acc[2],@r5[3],@tmp[0]); +- vmalof (@tmp[1],@acc[2],@r5[4],@tmp[1]); +- vmalof (@tmp[2],@acc[2],@r[0],@tmp[2]); +- vmalof (@tmp[3],@acc[2],@r[1],@tmp[3]); +- vmalof (@tmp[4],@acc[2],@r[2],@tmp[4]); +- +- vmalof (@tmp[0],@acc[1],@r5[4],@tmp[0]); +- vmalof (@tmp[1],@acc[1],@r[0],@tmp[1]); +- vmalof (@tmp[2],@acc[1],@r[1],@tmp[2]); +- vmalof (@tmp[3],@acc[1],@r[2],@tmp[3]); +- vmalof (@tmp[4],@acc[1],@r[3],@tmp[4]); +- +- vmalof (@acc[1],@acc[0],@r[1],@tmp[1]); +- vmalof (@acc[2],@acc[0],@r[2],@tmp[2]); +- vmalof (@acc[3],@acc[0],@r[3],@tmp[3]); +- vmalof (@acc[4],@acc[0],@r[4],@tmp[4]); +- vmalof (@acc[0],@acc[0],@r[0],@tmp[0]); +- +- REDUCE (); +- +- la ($inp,"64($inp)"); +- brctg ("%r1",".Lvx_4x"); +- +-ALIGN (16); +-LABEL (".Lvx_4x_done"); +- tml ($len,32); +- jz (".Lvx_2x_done"); +- +- vlm ("%v20","%v21","0($inp)"); # load m0,m1 +- +- # m01 -> base 2^26 +- +- vperm (@m01[0],"%v20","%v21",@vperm[0]); +- vperm 
(@m01[2],"%v20","%v21",@vperm[1]); +- vperm (@m01[4],"%v20","%v21",@vperm[2]); +- +- vesrlg (@m01[1],@m01[0],26); +- vesrlg (@m01[3],@m01[2],30); +- vesrlg (@m01[2],@m01[2],4); +- +- vn (@m01[4],@m01[4],$mask4); +- vn (@m01[$_],@m01[$_],$mask) for (0..3); +- +- vaf (@m01[4],@m01[4],$padvec); # pad m01 +- +- # acc = acc * r^2+ m01 +- +- vlrepf (@r5[$_],"4*$_+108($ctx)") for (0..4); # load 5*r^2 +- vlrepf (@r[$_],"4*$_+88($ctx)") for (0..4); # load r^2 +- +- vmalof (@tmp[0],@acc[4],@r5[1],@m01[0]); +- vmalof (@tmp[1],@acc[4],@r5[2],@m01[1]); +- vmalof (@tmp[2],@acc[4],@r5[3],@m01[2]); +- vmalof (@tmp[3],@acc[4],@r5[4],@m01[3]); +- vmalof (@tmp[4],@acc[4],@r[0],@m01[4]); +- +- vmalof (@tmp[0],@acc[3],@r5[2],@tmp[0]); +- vmalof (@tmp[1],@acc[3],@r5[3],@tmp[1]); +- vmalof (@tmp[2],@acc[3],@r5[4],@tmp[2]); +- vmalof (@tmp[3],@acc[3],@r[0],@tmp[3]); +- vmalof (@tmp[4],@acc[3],@r[1],@tmp[4]); +- +- vmalof (@tmp[0],@acc[2],@r5[3],@tmp[0]); +- vmalof (@tmp[1],@acc[2],@r5[4],@tmp[1]); +- vmalof (@tmp[2],@acc[2],@r[0],@tmp[2]); +- vmalof (@tmp[3],@acc[2],@r[1],@tmp[3]); +- vmalof (@tmp[4],@acc[2],@r[2],@tmp[4]); +- +- vmalof (@tmp[0],@acc[1],@r5[4],@tmp[0]); +- vmalof (@tmp[1],@acc[1],@r[0],@tmp[1]); +- vmalof (@tmp[2],@acc[1],@r[1],@tmp[2]); +- vmalof (@tmp[3],@acc[1],@r[2],@tmp[3]); +- vmalof (@tmp[4],@acc[1],@r[3],@tmp[4]); +- +- vmalof (@acc[1],@acc[0],@r[1],@tmp[1]); +- vmalof (@acc[2],@acc[0],@r[2],@tmp[2]); +- vmalof (@acc[3],@acc[0],@r[3],@tmp[3]); +- vmalof (@acc[4],@acc[0],@r[4],@tmp[4]); +- vmalof (@acc[0],@acc[0],@r[0],@tmp[0]); +- +- REDUCE (); +- +- la ($inp,"32($inp)"); +- +-ALIGN (16); +-LABEL (".Lvx_2x_done"); +- tml ($len,16); +- jz (".Lvx_done"); +- +- vleig ($padvec,0,0); +- +- vzero ("%v20"); +- vl ("%v21","0($inp)"); # load m0 +- +- # m0 -> base 2^26 +- +- vperm (@m01[0],"%v20","%v21",@vperm[0]); +- vperm (@m01[2],"%v20","%v21",@vperm[1]); +- vperm (@m01[4],"%v20","%v21",@vperm[2]); +- +- vesrlg (@m01[1],@m01[0],26); +- vesrlg (@m01[3],@m01[2],30); +- 
vesrlg (@m01[2],@m01[2],4); +- +- vn (@m01[4],@m01[4],$mask4); +- vn (@m01[$_],@m01[$_],$mask) for (0..3); +- +- vaf (@m01[4],@m01[4],$padvec); # pad m0 +- +- # acc = acc * r + m01 +- +- vlrepf (@r5[$_],"4*$_+68($ctx)") for (0..4); # load 5*r +- vlrepf (@r[$_],"4*$_+48($ctx)") for (0..4); # load r +- +- vmalof (@tmp[0],@acc[4],@r5[1],@m01[0]); +- vmalof (@tmp[1],@acc[4],@r5[2],@m01[1]); +- vmalof (@tmp[2],@acc[4],@r5[3],@m01[2]); +- vmalof (@tmp[3],@acc[4],@r5[4],@m01[3]); +- vmalof (@tmp[4],@acc[4],@r[0],@m01[4]); +- +- vmalof (@tmp[0],@acc[3],@r5[2],@tmp[0]); +- vmalof (@tmp[1],@acc[3],@r5[3],@tmp[1]); +- vmalof (@tmp[2],@acc[3],@r5[4],@tmp[2]); +- vmalof (@tmp[3],@acc[3],@r[0],@tmp[3]); +- vmalof (@tmp[4],@acc[3],@r[1],@tmp[4]); +- +- vmalof (@tmp[0],@acc[2],@r5[3],@tmp[0]); +- vmalof (@tmp[1],@acc[2],@r5[4],@tmp[1]); +- vmalof (@tmp[2],@acc[2],@r[0],@tmp[2]); +- vmalof (@tmp[3],@acc[2],@r[1],@tmp[3]); +- vmalof (@tmp[4],@acc[2],@r[2],@tmp[4]); +- +- vmalof (@tmp[0],@acc[1],@r5[4],@tmp[0]); +- vmalof (@tmp[1],@acc[1],@r[0],@tmp[1]); +- vmalof (@tmp[2],@acc[1],@r[1],@tmp[2]); +- vmalof (@tmp[3],@acc[1],@r[2],@tmp[3]); +- vmalof (@tmp[4],@acc[1],@r[3],@tmp[4]); +- +- vmalof (@acc[1],@acc[0],@r[1],@tmp[1]); +- vmalof (@acc[2],@acc[0],@r[2],@tmp[2]); +- vmalof (@acc[3],@acc[0],@r[3],@tmp[3]); +- vmalof (@acc[4],@acc[0],@r[4],@tmp[4]); +- vmalof (@acc[0],@acc[0],@r[0],@tmp[0]); +- +- REDUCE (); +- +-ALIGN (16); +-LABEL (".Lvx_done"); +- vstef (@acc[$_],"4*$_($ctx)",1) for (0..4); # store acc +- vstef (@acc[$_],"24+4*$_($ctx)",3) for (0..4); +- +-if ($z) { +- vlm ("%v8","%v15","0($sp)"); +- la ($sp,"$frame($sp)"); +-} else { +- ld ("%f4","16*$SIZE_T+2*8($sp)"); +- ld ("%f6","16*$SIZE_T+3*8($sp)"); +-} +- br ("%r14"); +-SIZE ("poly1305_blocks_vx",".-poly1305_blocks_vx"); +-} +- +-################ +-# static void poly1305_emit_vx(void *ctx, unsigned char mac[16], +-# const u32 nonce[4]) +-{ +-my ($ctx,$mac,$nonce) = map("%r$_",(2..4)); +- +-GLOBL ("poly1305_emit_vx"); 
+-TYPE ("poly1305_emit_vx","\@function"); +-ALIGN (16); +-LABEL ("poly1305_emit_vx"); +-if ($z) { +- aghi ($sp,-$frame); +- vstm ("%v8","%v15","0($sp)"); +-} else { +- std ("%f4","16*$SIZE_T+2*8($sp)"); +- std ("%f6","16*$SIZE_T+3*8($sp)"); +-} +- larl ("%r5",".Lconst"); +- +- vlef (@acc[$_],"4*$_($ctx)",1) for (0..4); # load acc1 +- vlef (@acc[$_],"24+4*$_($ctx)",3) for (0..4); # load acc2 +- vlef (@r5[$_],"108+4*$_($ctx)",1) for (0..4); # load 5*r^2 +- vlef (@r[$_],"88+4*$_($ctx)",1) for (0..4); # load r^2 +- vlef (@r5[$_],"68+4*$_($ctx)",3) for (0..4); # load 5*r +- vlef (@r[$_],"48+4*$_($ctx)",3) for (0..4); # load r +- vl ($mask,"48(%r5)"); # load mask +- +- # acc = acc1 * r^2 + acc2 * r +- +- vmlof (@tmp[0],@acc[4],@r5[1]); +- vmlof (@tmp[1],@acc[4],@r5[2]); +- vmlof (@tmp[2],@acc[4],@r5[3]); +- vmlof (@tmp[3],@acc[4],@r5[4]); +- vmlof (@tmp[4],@acc[4],@r[0]); +- +- vmalof (@tmp[0],@acc[3],@r5[2],@tmp[0]); +- vmalof (@tmp[1],@acc[3],@r5[3],@tmp[1]); +- vmalof (@tmp[2],@acc[3],@r5[4],@tmp[2]); +- vmalof (@tmp[3],@acc[3],@r[0],@tmp[3]); +- vmalof (@tmp[4],@acc[3],@r[1],@tmp[4]); +- +- vmalof (@tmp[0],@acc[2],@r5[3],@tmp[0]); +- vmalof (@tmp[1],@acc[2],@r5[4],@tmp[1]); +- vmalof (@tmp[2],@acc[2],@r[0],@tmp[2]); +- vmalof (@tmp[3],@acc[2],@r[1],@tmp[3]); +- vmalof (@tmp[4],@acc[2],@r[2],@tmp[4]); +- +- vmalof (@tmp[0],@acc[1],@r5[4],@tmp[0]); +- vmalof (@tmp[1],@acc[1],@r[0],@tmp[1]); +- vmalof (@tmp[2],@acc[1],@r[1],@tmp[2]); +- vmalof (@tmp[3],@acc[1],@r[2],@tmp[3]); +- vmalof (@tmp[4],@acc[1],@r[3],@tmp[4]); +- +- vmalof (@acc[1],@acc[0],@r[1],@tmp[1]); +- vmalof (@acc[2],@acc[0],@r[2],@tmp[2]); +- vmalof (@acc[3],@acc[0],@r[3],@tmp[3]); +- vmalof (@acc[4],@acc[0],@r[4],@tmp[4]); +- vmalof (@acc[0],@acc[0],@r[0],@tmp[0]); +- +- vzero ("%v27"); +- vsumqg (@acc[$_],@acc[$_],"%v27") for (0..4); +- +- REDUCE (); +- +- vesrlg (@tmp[1],@acc[1],26); +- vn (@acc[1],@acc[1],$mask); +- vag (@acc[2],@acc[2],@tmp[1]); # carry 1->2 +- +- vesrlg (@tmp[2],@acc[2],26); +- vn 
(@acc[2],@acc[2],$mask); +- vag (@acc[3],@acc[3],@tmp[2]); # carry 2->3 +- +- vesrlg (@tmp[3],@acc[3],26); +- vn (@acc[3],@acc[3],$mask); +- vag (@acc[4],@acc[4],@tmp[3]); # carry 3->4 +- +- # acc -> base 2^64 +- vleib ("%v30",6*8,7); +- vleib ("%v29",13*8,7); +- vleib ("%v28",3*8,7); +- +- veslg (@acc[1],@acc[1],26); +- veslg (@acc[3],@acc[3],26); +- vo (@acc[0],@acc[0],@acc[1]); +- vo (@acc[2],@acc[2],@acc[3]); +- +- veslg (@acc[2],@acc[2],4); +- vslb (@acc[2],@acc[2],"%v30"); # <<52 +- vo (@acc[0],@acc[0],@acc[2]); +- +- vslb (@tmp[4],@acc[4],"%v29"); # <<104 +- vo (@acc[0],@acc[0],@tmp[4]); +- +- vsrlb (@acc[1],@acc[4],"%v28"); # >>24 +- +- # acc %= 2^130-5 +- vone ("%v26"); +- vleig ("%v27",5,1); +- vone ("%v29"); +- vleig ("%v26",-4,1); +- +- vaq (@tmp[0],@acc[0],"%v27"); +- vaccq (@tmp[1],@acc[0],"%v27"); +- +- vaq (@tmp[1],@tmp[1],"%v26"); +- vaccq (@tmp[1],@tmp[1],@acc[1]); +- +- vaq (@tmp[1],@tmp[1],"%v29"); +- +- vn (@tmp[2],@tmp[1],@acc[0]); +- vnc (@tmp[3],@tmp[0],@tmp[1]); +- vo (@acc[0],@tmp[2],@tmp[3]); +- +- # acc += nonce +- vl (@vperm[0],"64(%r5)"); +- vlef (@tmp[0],"4*$_($nonce)",3-$_) for (0..3); +- +- vaq (@acc[0],@acc[0],@tmp[0]); +- +- vperm (@acc[0],@acc[0],@acc[0],@vperm[0]); +- vst (@acc[0],"0($mac)"); # store mac +- +-if ($z) { +- vlm ("%v8","%v15","0($sp)"); +- la ($sp,"$frame($sp)"); +-} else { +- ld ("%f4","16*$SIZE_T+2*8($sp)"); +- ld ("%f6","16*$SIZE_T+3*8($sp)"); +-} +- br ("%r14"); +-SIZE ("poly1305_emit_vx",".-poly1305_emit_vx"); +-} +-} +- +-# NOVX CODE PATH +-{ +-################ +-# static void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, +-# u32 padbit) +-{ +-my ($ctx,$inp,$len,$padbit) = map("%r$_",(2..5)); +- + my ($d0hi,$d0lo,$d1hi,$d1lo,$t0,$h0,$t1,$h1,$h2) = map("%r$_",(6..14)); + my ($r0,$r1,$s1) = map("%r$_",(0..2)); ++ + GLOBL ("poly1305_blocks"); + TYPE ("poly1305_blocks","\@function"); + ALIGN (16); + LABEL ("poly1305_blocks"); +-$z? srlg ($len,$len,4) :srl ($len,4); +- lghi ("%r0",0); +-&{$z? 
\&clgr:\&clr} ($len,"%r0"); +- je (".Lno_data"); ++LABEL (".Lpoly1305_blocks"); ++&{$z? \<gr:\<r} ("%r0",$len); ++ jz (".Lno_data"); + + &{$z? \&stmg:\&stm} ("%r6","%r14","6*$SIZE_T($sp)"); + +- llgfr ($padbit,$padbit); # clear upper half, much needed with +- # non-64-bit ABI +- lg ($r0,"32($ctx)"); # load key +- lg ($r1,"40($ctx)"); +- +- lg ($h0,"0($ctx)"); # load hash value ++ lg ($h0,"0($ctx)"); # load hash value + lg ($h1,"8($ctx)"); + lg ($h2,"16($ctx)"); + ++LABEL (".Lpoly1305_blocks_entry"); ++if ($z) { ++ srlg ($len,$len,4); ++} else { ++ srl ($len,4); ++} ++ llgfr ($padbit,$padbit); # clear upper half, much needed with ++ # non-64-bit ABI ++ lg ($r0,"32($ctx)"); # load key ++ lg ($r1,"40($ctx)"); ++ + &{$z? \&stg:\&st} ($ctx,"2*$SIZE_T($sp)"); # off-load $ctx + srlg ($s1,$r1,2); + algr ($s1,$r1); # s1 = r1 + r1>>2 +@@ -718,21 +160,21 @@ $z? srlg ($len,$len,4) :srl ($len,4); + + ALIGN (16); + LABEL (".Loop"); +- lrvg ($d0lo,"0($inp)"); # load little-endian input ++ lrvg ($d0lo,"0($inp)"); # load little-endian input + lrvg ($d1lo,"8($inp)"); + la ($inp,"16($inp)"); + +- algr ($d0lo,$h0); # accumulate input ++ algr ($d0lo,$h0); # accumulate input + alcgr ($d1lo,$h1); ++ alcgr ($h2,$padbit); + + lgr ($h0,$d0lo); +- mlgr ($d0hi,$r0); # h0*r0 -> $d0hi:$d0lo ++ mlgr ($d0hi,$r0); # h0*r0 -> $d0hi:$d0lo + lgr ($h1,$d1lo); +- mlgr ($d1hi,$s1); # h1*5*r1 -> $d1hi:$d1lo ++ mlgr ($d1hi,$s1); # h1*5*r1 -> $d1hi:$d1lo + +- mlgr ($t0,$r1); # h0*r1 -> $t0:$h0 +- mlgr ($t1,$r0); # h1*r0 -> $t1:$h1 +- alcgr ($h2,$padbit); ++ mlgr ($t0,$r1); # h0*r1 -> $t0:$h0 ++ mlgr ($t1,$r0); # h1*r0 -> $t1:$h1 + + algr ($d0lo,$d1lo); + lgr ($d1lo,$h2); +@@ -742,16 +184,16 @@ LABEL (".Loop"); + algr ($h1,$h0); + alcgr ($t1,$t0); + +- msgr ($d1lo,$s1); # h2*s1 +- msgr ($h2,$r0); # h2*r0 ++ msgr ($d1lo,$s1); # h2*s1 ++ msgr ($h2,$r0); # h2*r0 + + algr ($h1,$d1lo); +- alcgr ($t1,$d1hi); # $d1hi is zero ++ alcgr ($t1,$d1hi); # $d1hi is zero + + algr ($h1,$d0hi); + alcgr ($h2,$t1); + +- lghi 
($h0,-4); # final reduction step ++ lghi ($h0,-4); # final reduction step + ngr ($h0,$h2); + srlg ($t0,$h2,2); + algr ($h0,$t0); +@@ -759,14 +201,14 @@ LABEL (".Loop"); + ngr ($h2,$t1); + + algr ($h0,$d0lo); +- alcgr ($h1,$d1hi); # $d1hi is still zero +- alcgr ($h2,$d1hi); # $d1hi is still zero ++ alcgr ($h1,$d1hi); # $d1hi is still zero ++ alcgr ($h2,$d1hi); # $d1hi is still zero + + &{$z? \&brctg:\&brct} ($len,".Loop"); + + &{$z? \&lg:\&l} ($ctx,"2*$SIZE_T($sp)");# restore $ctx + +- stg ($h0,"0($ctx)"); # store hash value ++ stg ($h0,"0($ctx)"); # store hash value + stg ($h1,"8($ctx)"); + stg ($h2,"16($ctx)"); + +@@ -776,68 +218,767 @@ LABEL (".Lno_data"); + SIZE ("poly1305_blocks",".-poly1305_blocks"); + } + ++################ ++# static void poly1305_blocks_vx(void *ctx, const unsigned char *inp, ++# size_t len, u32 padbit) ++{ ++my ($H0, $H1, $H2, $H3, $H4) = map("%v$_",(0..4)); ++my ($I0, $I1, $I2, $I3, $I4) = map("%v$_",(5..9)); ++my ($R0, $R1, $S1, $R2, $S2) = map("%v$_",(10..14)); ++my ($R3, $S3, $R4, $S4) = map("%v$_",(15..18)); ++my ($ACC0, $ACC1, $ACC2, $ACC3, $ACC4) = map("%v$_",(19..23)); ++my ($T1, $T2, $T3, $T4) = map("%v$_",(24..27)); ++my ($mask26,$bswaplo,$bswaphi,$bswapmi) = map("%v$_",(28..31)); ++ ++my ($d2,$d0,$h0,$d1,$h1,$h2)=map("%r$_",(9..14)); ++ ++TYPE ("poly1305_blocks_vx","\@function"); ++ALIGN (16); ++LABEL ("poly1305_blocks_vx"); ++LABEL (".Lpoly1305_blocks_vx"); ++&{$z? \&clgfi:\&clfi} ($len,128); ++ jhe ("__poly1305_blocks_vx"); ++ ++&{$z? 
\&stmg:\&stm} ("%r6","%r14","6*$SIZE_T($sp)"); ++ ++ lg ($d0,"0($ctx)"); ++ lg ($d1,"8($ctx)"); ++ lg ($d2,"16($ctx)"); ++ ++ llgfr ("%r0",$d0); # base 2^26 -> base 2^64 ++ srlg ($h0,$d0,32); ++ llgfr ("%r1",$d1); ++ srlg ($h1,$d1,32); ++ srlg ($h2,$d2,32); ++ ++ sllg ("%r0","%r0",26); ++ algr ($h0,"%r0"); ++ sllg ("%r0",$h1,52); ++ srlg ($h1,$h1,12); ++ sllg ("%r1","%r1",14); ++ algr ($h0,"%r0"); ++ alcgr ($h1,"%r1"); ++ sllg ("%r0",$h2,40); ++ srlg ($h2,$h2,24); ++ lghi ("%r1",0); ++ algr ($h1,"%r0"); ++ alcgr ($h2,"%r1"); ++ ++ llgf ("%r0","24($ctx)"); # is_base2_26 ++ lcgr ("%r0","%r0"); ++ ++ xgr ($h0,$d0); # choose between radixes ++ xgr ($h1,$d1); ++ xgr ($h2,$d2); ++ ngr ($h0,"%r0"); ++ ngr ($h1,"%r0"); ++ ngr ($h2,"%r0"); ++ xgr ($h0,$d0); ++ xgr ($h1,$d1); ++ xgr ($h2,$d2); ++ ++ lhi ("%r0",0); ++ st ("%r0","24($ctx)"); # clear is_base2_26 ++ ++ j (".Lpoly1305_blocks_entry"); ++SIZE ("poly1305_blocks_vx",".-poly1305_blocks_vx"); ++ ++TYPE ("__poly1305_mul","\@function"); ++ALIGN (16); ++LABEL ("__poly1305_mul"); ++ vmlof ($ACC0,$H0,$R0); ++ vmlof ($ACC1,$H0,$R1); ++ vmlof ($ACC2,$H0,$R2); ++ vmlof ($ACC3,$H0,$R3); ++ vmlof ($ACC4,$H0,$R4); ++ ++ vmalof ($ACC0,$H1,$S4,$ACC0); ++ vmalof ($ACC1,$H1,$R0,$ACC1); ++ vmalof ($ACC2,$H1,$R1,$ACC2); ++ vmalof ($ACC3,$H1,$R2,$ACC3); ++ vmalof ($ACC4,$H1,$R3,$ACC4); ++ ++ vmalof ($ACC0,$H2,$S3,$ACC0); ++ vmalof ($ACC1,$H2,$S4,$ACC1); ++ vmalof ($ACC2,$H2,$R0,$ACC2); ++ vmalof ($ACC3,$H2,$R1,$ACC3); ++ vmalof ($ACC4,$H2,$R2,$ACC4); ++ ++ vmalof ($ACC0,$H3,$S2,$ACC0); ++ vmalof ($ACC1,$H3,$S3,$ACC1); ++ vmalof ($ACC2,$H3,$S4,$ACC2); ++ vmalof ($ACC3,$H3,$R0,$ACC3); ++ vmalof ($ACC4,$H3,$R1,$ACC4); ++ ++ vmalof ($ACC0,$H4,$S1,$ACC0); ++ vmalof ($ACC1,$H4,$S2,$ACC1); ++ vmalof ($ACC2,$H4,$S3,$ACC2); ++ vmalof ($ACC3,$H4,$S4,$ACC3); ++ vmalof ($ACC4,$H4,$R0,$ACC4); ++ ++ ################################################################ ++ # lazy reduction ++ ++ vesrlg ($H4,$ACC3,26); ++ vesrlg ($H1,$ACC0,26); ++ vn 
($H3,$ACC3,$mask26); ++ vn ($H0,$ACC0,$mask26); ++ vag ($H4,$H4,$ACC4); # h3 -> h4 ++ vag ($H1,$H1,$ACC1); # h0 -> h1 ++ ++ vesrlg ($ACC4,$H4,26); ++ vesrlg ($ACC1,$H1,26); ++ vn ($H4,$H4,$mask26); ++ vn ($H1,$H1,$mask26); ++ vag ($H0,$H0,$ACC4); ++ vag ($H2,$ACC2,$ACC1); # h1 -> h2 ++ ++ veslg ($ACC4,$ACC4,2); # <<2 ++ vesrlg ($ACC2,$H2,26); ++ vn ($H2,$H2,$mask26); ++ vag ($H0,$H0,$ACC4); # h4 -> h0 ++ vag ($H3,$H3,$ACC2); # h2 -> h3 ++ ++ vesrlg ($ACC0,$H0,26); ++ vesrlg ($ACC3,$H3,26); ++ vn ($H0,$H0,$mask26); ++ vn ($H3,$H3,$mask26); ++ vag ($H1,$H1,$ACC0); # h0 -> h1 ++ vag ($H4,$H4,$ACC3); # h3 -> h4 ++ br ("%r14"); ++SIZE ("__poly1305_mul",".-__poly1305_mul"); ++ ++TYPE ("__poly1305_blocks_vx","\@function"); ++ALIGN (16); ++LABEL ("__poly1305_blocks_vx"); ++&{$z? \&lgr:\&lr} ("%r0",$sp); ++&{$z? \&stmg:\&stm} ("%r10","%r15","10*$SIZE_T($sp)"); ++if (!$z) { ++ std ("%f4","16*$SIZE_T+2*8($sp)"); ++ std ("%f6","16*$SIZE_T+3*8($sp)"); ++ ahi ($sp,-$stdframe); ++ st ("%r0","0($sp)"); # back-chain ++ ++ llgfr ($len,$len); # so that srlg works on $len ++} else { ++ aghi ($sp,"-($stdframe+8*8)"); ++ stg ("%r0","0($sp)"); # back-chain ++ ++ std ("%f8","$stdframe+0*8($sp)"); ++ std ("%f9","$stdframe+1*8($sp)"); ++ std ("%f10","$stdframe+2*8($sp)"); ++ std ("%f11","$stdframe+3*8($sp)"); ++ std ("%f12","$stdframe+4*8($sp)"); ++ std ("%f13","$stdframe+5*8($sp)"); ++ std ("%f14","$stdframe+6*8($sp)"); ++ std ("%f15","$stdframe+7*8($sp)"); ++} ++ larl ("%r1",".Lconst"); ++ vgmg ($mask26,38,63); ++ vlm ($bswaplo,$bswapmi,"16(%r1)"); ++ ++ < ("%r0","24($ctx)"); # is_base2_26? 
++ jnz (".Lskip_init"); ++ ++ lg ($h0,"32($ctx)"); # load key base 2^64 ++ lg ($h1,"40($ctx)"); ++ ++ risbg ($d0,$h0,38,0x80+63,38); # base 2^64 -> 2^26 ++ srlg ($d1,$h0,52); ++ risbg ($h0,$h0,38,0x80+63,0); ++ vlvgg ($R0,$h0,0); ++ risbg ($d1,$h1,38,51,12); ++ vlvgg ($R1,$d0,0); ++ risbg ($d0,$h1,38,63,50); ++ vlvgg ($R2,$d1,0); ++ srlg ($d1,$h1,40); ++ vlvgg ($R3,$d0,0); ++ vlvgg ($R4,$d1,0); ++ ++ veslg ($S1,$R1,2); ++ veslg ($S2,$R2,2); ++ veslg ($S3,$R3,2); ++ veslg ($S4,$R4,2); ++ vlr ($H0,$R0); ++ vlr ($H1,$R1); ++ vlr ($H2,$R2); ++ vlr ($H3,$R3); ++ vlr ($H4,$R4); ++ vag ($S1,$S1,$R1); # * 5 ++ vag ($S2,$S2,$R2); ++ vag ($S3,$S3,$R3); ++ vag ($S4,$S4,$R4); ++ ++ brasl ("%r14","__poly1305_mul"); # r^1:- * r^1:- ++ ++ vpdi ($R0,$H0,$R0,0); # r^2:r^1 ++ vpdi ($R1,$H1,$R1,0); ++ vpdi ($R2,$H2,$R2,0); ++ vpdi ($R3,$H3,$R3,0); ++ vpdi ($R4,$H4,$R4,0); ++ vpdi ($H0,$H0,$H0,0); # r^2:r^2 ++ vpdi ($H1,$H1,$H1,0); ++ vpdi ($H2,$H2,$H2,0); ++ vpdi ($H3,$H3,$H3,0); ++ vpdi ($H4,$H4,$H4,0); ++ veslg ($S1,$R1,2); ++ veslg ($S2,$R2,2); ++ veslg ($S3,$R3,2); ++ veslg ($S4,$R4,2); ++ vag ($S1,$S1,$R1); # * 5 ++ vag ($S2,$S2,$R2); ++ vag ($S3,$S3,$R3); ++ vag ($S4,$S4,$R4); ++ ++ brasl ("%r14,__poly1305_mul"); # r^2:r^2 * r^2:r^1 ++ ++ vl ($I0,"0(%r1)"); # borrow $I0 ++ vperm ($R0,$R0,$H0,$I0); # r^2:r^4:r^1:r^3 ++ vperm ($R1,$R1,$H1,$I0); ++ vperm ($R2,$R2,$H2,$I0); ++ vperm ($R3,$R3,$H3,$I0); ++ vperm ($R4,$R4,$H4,$I0); ++ veslf ($S1,$R1,2); ++ veslf ($S2,$R2,2); ++ veslf ($S3,$R3,2); ++ veslf ($S4,$R4,2); ++ vaf ($S1,$S1,$R1); # * 5 ++ vaf ($S2,$S2,$R2); ++ vaf ($S3,$S3,$R3); ++ vaf ($S4,$S4,$R4); ++ ++ lg ($h0,"0($ctx)"); # load hash base 2^64 ++ lg ($h1,"8($ctx)"); ++ lg ($h2,"16($ctx)"); ++ ++ vzero ($H0); ++ vzero ($H1); ++ vzero ($H2); ++ vzero ($H3); ++ vzero ($H4); ++ ++ risbg ($d0,$h0,38,0x80+63,38); # base 2^64 -> 2^26 ++ srlg ($d1,$h0,52); ++ risbg ($h0,$h0,38,0x80+63,0); ++ vlvgg ($H0,$h0,0); ++ risbg ($d1,$h1,38,51,12); ++ vlvgg ($H1,$d0,0); ++ risbg 
($d0,$h1,38,63,50); ++ vlvgg ($H2,$d1,0); ++ srlg ($d1,$h1,40); ++ vlvgg ($H3,$d0,0); ++ risbg ($d1,$h2,37,39,24); ++ vlvgg ($H4,$d1,0); ++ ++ lhi ("%r0",1); ++ st ("%r0","24($ctx)"); # set is_base2_26 ++ ++ vstm ($R0,$S4,"48($ctx)"); # save key schedule base 2^26 ++ ++ vpdi ($R0,$R0,$R0,0); # broadcast r^2:r^4 ++ vpdi ($R1,$R1,$R1,0); ++ vpdi ($S1,$S1,$S1,0); ++ vpdi ($R2,$R2,$R2,0); ++ vpdi ($S2,$S2,$S2,0); ++ vpdi ($R3,$R3,$R3,0); ++ vpdi ($S3,$S3,$S3,0); ++ vpdi ($R4,$R4,$R4,0); ++ vpdi ($S4,$S4,$S4,0); ++ ++ j (".Loaded_hash"); ++ ++ALIGN (16); ++LABEL (".Lskip_init"); ++ vllezf ($H0,"0($ctx)"); # load hash base 2^26 ++ vllezf ($H1,"4($ctx)"); ++ vllezf ($H2,"8($ctx)"); ++ vllezf ($H3,"12($ctx)"); ++ vllezf ($H4,"16($ctx)"); ++ ++ vlrepg ($R0,"0x30($ctx)"); # broadcast r^2:r^4 ++ vlrepg ($R1,"0x40($ctx)"); ++ vlrepg ($S1,"0x50($ctx)"); ++ vlrepg ($R2,"0x60($ctx)"); ++ vlrepg ($S2,"0x70($ctx)"); ++ vlrepg ($R3,"0x80($ctx)"); ++ vlrepg ($S3,"0x90($ctx)"); ++ vlrepg ($R4,"0xa0($ctx)"); ++ vlrepg ($S4,"0xb0($ctx)"); ++ ++LABEL (".Loaded_hash"); ++ vzero ($I1); ++ vzero ($I3); ++ ++ vlm ($T1,$T4,"0x00($inp)"); # load first input block ++ la ($inp,"0x40($inp)"); ++ vgmg ($mask26,6,31); ++ vgmf ($I4,5,5); # padbit<<2 ++ ++ vperm ($I0,$T3,$T4,$bswaplo); ++ vperm ($I2,$T3,$T4,$bswapmi); ++ vperm ($T3,$T3,$T4,$bswaphi); ++ ++ verimg ($I1,$I0,$mask26,6); # >>26 ++ veslg ($I0,$I0,32); ++ veslg ($I2,$I2,28); # >>4 ++ verimg ($I3,$T3,$mask26,18); # >>14 ++ verimg ($I4,$T3,$mask26,58); # >>38 ++ vn ($I0,$I0,$mask26); ++ vn ($I2,$I2,$mask26); ++ vesrlf ($I4,$I4,2); # >>2 ++ ++ vgmg ($mask26,38,63); ++ vperm ($T3,$T1,$T2,$bswaplo); ++ vperm ($T4,$T1,$T2,$bswaphi); ++ vperm ($T2,$T1,$T2,$bswapmi); ++ ++ verimg ($I0,$T3,$mask26,0); ++ verimg ($I1,$T3,$mask26,38); # >>26 ++ verimg ($I2,$T2,$mask26,60); # >>4 ++ verimg ($I3,$T4,$mask26,50); # >>14 ++ vesrlg ($T4,$T4,40); ++ vo ($I4,$I4,$T4); ++ ++ srlg ("%r0",$len,6); ++&{$z? 
\&aghi:\&ahi} ("%r0",-1); ++ ++ALIGN (16); ++LABEL (".Loop_vx"); ++ vmlef ($ACC0,$I0,$R0); ++ vmlef ($ACC1,$I0,$R1); ++ vmlef ($ACC2,$I0,$R2); ++ vmlef ($ACC3,$I0,$R3); ++ vmlef ($ACC4,$I0,$R4); ++ ++ vmalef ($ACC0,$I1,$S4,$ACC0); ++ vmalef ($ACC1,$I1,$R0,$ACC1); ++ vmalef ($ACC2,$I1,$R1,$ACC2); ++ vmalef ($ACC3,$I1,$R2,$ACC3); ++ vmalef ($ACC4,$I1,$R3,$ACC4); ++ ++ vaf ($H2,$H2,$I2); ++ vaf ($H0,$H0,$I0); ++ vaf ($H3,$H3,$I3); ++ vaf ($H1,$H1,$I1); ++ vaf ($H4,$H4,$I4); ++ ++ vmalef ($ACC0,$I2,$S3,$ACC0); ++ vmalef ($ACC1,$I2,$S4,$ACC1); ++ vmalef ($ACC2,$I2,$R0,$ACC2); ++ vmalef ($ACC3,$I2,$R1,$ACC3); ++ vmalef ($ACC4,$I2,$R2,$ACC4); ++ ++ vlm ($T1,$T4,"0x00($inp)"); # load next input block ++ la ($inp,"0x40($inp)"); ++ vgmg ($mask26,6,31); ++ ++ vmalef ($ACC0,$I3,$S2,$ACC0); ++ vmalef ($ACC1,$I3,$S3,$ACC1); ++ vmalef ($ACC2,$I3,$S4,$ACC2); ++ vmalef ($ACC3,$I3,$R0,$ACC3); ++ vmalef ($ACC4,$I3,$R1,$ACC4); ++ ++ vperm ($I0,$T3,$T4,$bswaplo); ++ vperm ($I2,$T3,$T4,$bswapmi); ++ vperm ($T3,$T3,$T4,$bswaphi); ++ ++ vmalef ($ACC0,$I4,$S1,$ACC0); ++ vmalef ($ACC1,$I4,$S2,$ACC1); ++ vmalef ($ACC2,$I4,$S3,$ACC2); ++ vmalef ($ACC3,$I4,$S4,$ACC3); ++ vmalef ($ACC4,$I4,$R0,$ACC4); ++ ++ verimg ($I1,$I0,$mask26,6); # >>26 ++ veslg ($I0,$I0,32); ++ veslg ($I2,$I2,28); # >>4 ++ verimg ($I3,$T3,$mask26,18); # >>14 ++ ++ vmalof ($ACC0,$H0,$R0,$ACC0); ++ vmalof ($ACC1,$H0,$R1,$ACC1); ++ vmalof ($ACC2,$H0,$R2,$ACC2); ++ vmalof ($ACC3,$H0,$R3,$ACC3); ++ vmalof ($ACC4,$H0,$R4,$ACC4); ++ ++ vgmf ($I4,5,5); # padbit<<2 ++ verimg ($I4,$T3,$mask26,58); # >>38 ++ vn ($I0,$I0,$mask26); ++ vn ($I2,$I2,$mask26); ++ vesrlf ($I4,$I4,2); # >>2 ++ ++ vmalof ($ACC0,$H1,$S4,$ACC0); ++ vmalof ($ACC1,$H1,$R0,$ACC1); ++ vmalof ($ACC2,$H1,$R1,$ACC2); ++ vmalof ($ACC3,$H1,$R2,$ACC3); ++ vmalof ($ACC4,$H1,$R3,$ACC4); ++ ++ vgmg ($mask26,38,63); ++ vperm ($T3,$T1,$T2,$bswaplo); ++ vperm ($T4,$T1,$T2,$bswaphi); ++ vperm ($T2,$T1,$T2,$bswapmi); ++ ++ vmalof ($ACC0,$H2,$S3,$ACC0); ++ vmalof 
($ACC1,$H2,$S4,$ACC1); ++ vmalof ($ACC2,$H2,$R0,$ACC2); ++ vmalof ($ACC3,$H2,$R1,$ACC3); ++ vmalof ($ACC4,$H2,$R2,$ACC4); ++ ++ verimg ($I0,$T3,$mask26,0); ++ verimg ($I1,$T3,$mask26,38); # >>26 ++ verimg ($I2,$T2,$mask26,60); # >>4 ++ ++ vmalof ($ACC0,$H3,$S2,$ACC0); ++ vmalof ($ACC1,$H3,$S3,$ACC1); ++ vmalof ($ACC2,$H3,$S4,$ACC2); ++ vmalof ($ACC3,$H3,$R0,$ACC3); ++ vmalof ($ACC4,$H3,$R1,$ACC4); ++ ++ verimg ($I3,$T4,$mask26,50); # >>14 ++ vesrlg ($T4,$T4,40); ++ vo ($I4,$I4,$T4); ++ ++ vmalof ($ACC0,$H4,$S1,$ACC0); ++ vmalof ($ACC1,$H4,$S2,$ACC1); ++ vmalof ($ACC2,$H4,$S3,$ACC2); ++ vmalof ($ACC3,$H4,$S4,$ACC3); ++ vmalof ($ACC4,$H4,$R0,$ACC4); ++ ++ ################################################################ ++ # lazy reduction as discussed in "NEON crypto" by D.J. Bernstein ++ # and P. Schwabe ++ ++ vesrlg ($H4,$ACC3,26); ++ vesrlg ($H1,$ACC0,26); ++ vn ($H3,$ACC3,$mask26); ++ vn ($H0,$ACC0,$mask26); ++ vag ($H4,$H4,$ACC4); # h3 -> h4 ++ vag ($H1,$H1,$ACC1); # h0 -> h1 ++ ++ vesrlg ($ACC4,$H4,26); ++ vesrlg ($ACC1,$H1,26); ++ vn ($H4,$H4,$mask26); ++ vn ($H1,$H1,$mask26); ++ vag ($H0,$H0,$ACC4); ++ vag ($H2,$ACC2,$ACC1); # h1 -> h2 ++ ++ veslg ($ACC4,$ACC4,2); # <<2 ++ vesrlg ($ACC2,$H2,26); ++ vn ($H2,$H2,$mask26); ++ vag ($H0,$H0,$ACC4); # h4 -> h0 ++ vag ($H3,$H3,$ACC2); # h2 -> h3 ++ ++ vesrlg ($ACC0,$H0,26); ++ vesrlg ($ACC3,$H3,26); ++ vn ($H0,$H0,$mask26); ++ vn ($H3,$H3,$mask26); ++ vag ($H1,$H1,$ACC0); # h0 -> h1 ++ vag ($H4,$H4,$ACC3); # h3 -> h4 ++ ++&{$z? \&brctg:\&brct} ("%r0",".Loop_vx"); ++ ++ vlm ($R0,$S4,"48($ctx)"); # load all powers ++ ++ lghi ("%r0",0x30); ++&{$z? \&lcgr:\&lcr} ($len,$len); ++&{$z? \&ngr:\&nr} ($len,"%r0"); ++&{$z? 
\&slgr:\&slr} ($inp,$len); ++ ++LABEL (".Last"); ++ vmlef ($ACC0,$I0,$R0); ++ vmlef ($ACC1,$I0,$R1); ++ vmlef ($ACC2,$I0,$R2); ++ vmlef ($ACC3,$I0,$R3); ++ vmlef ($ACC4,$I0,$R4); ++ ++ vmalef ($ACC0,$I1,$S4,$ACC0); ++ vmalef ($ACC1,$I1,$R0,$ACC1); ++ vmalef ($ACC2,$I1,$R1,$ACC2); ++ vmalef ($ACC3,$I1,$R2,$ACC3); ++ vmalef ($ACC4,$I1,$R3,$ACC4); ++ ++ vaf ($H0,$H0,$I0); ++ vaf ($H1,$H1,$I1); ++ vaf ($H2,$H2,$I2); ++ vaf ($H3,$H3,$I3); ++ vaf ($H4,$H4,$I4); ++ ++ vmalef ($ACC0,$I2,$S3,$ACC0); ++ vmalef ($ACC1,$I2,$S4,$ACC1); ++ vmalef ($ACC2,$I2,$R0,$ACC2); ++ vmalef ($ACC3,$I2,$R1,$ACC3); ++ vmalef ($ACC4,$I2,$R2,$ACC4); ++ ++ vmalef ($ACC0,$I3,$S2,$ACC0); ++ vmalef ($ACC1,$I3,$S3,$ACC1); ++ vmalef ($ACC2,$I3,$S4,$ACC2); ++ vmalef ($ACC3,$I3,$R0,$ACC3); ++ vmalef ($ACC4,$I3,$R1,$ACC4); ++ ++ vmalef ($ACC0,$I4,$S1,$ACC0); ++ vmalef ($ACC1,$I4,$S2,$ACC1); ++ vmalef ($ACC2,$I4,$S3,$ACC2); ++ vmalef ($ACC3,$I4,$S4,$ACC3); ++ vmalef ($ACC4,$I4,$R0,$ACC4); ++ ++ vmalof ($ACC0,$H0,$R0,$ACC0); ++ vmalof ($ACC1,$H0,$R1,$ACC1); ++ vmalof ($ACC2,$H0,$R2,$ACC2); ++ vmalof ($ACC3,$H0,$R3,$ACC3); ++ vmalof ($ACC4,$H0,$R4,$ACC4); ++ ++ vmalof ($ACC0,$H1,$S4,$ACC0); ++ vmalof ($ACC1,$H1,$R0,$ACC1); ++ vmalof ($ACC2,$H1,$R1,$ACC2); ++ vmalof ($ACC3,$H1,$R2,$ACC3); ++ vmalof ($ACC4,$H1,$R3,$ACC4); ++ ++ vmalof ($ACC0,$H2,$S3,$ACC0); ++ vmalof ($ACC1,$H2,$S4,$ACC1); ++ vmalof ($ACC2,$H2,$R0,$ACC2); ++ vmalof ($ACC3,$H2,$R1,$ACC3); ++ vmalof ($ACC4,$H2,$R2,$ACC4); ++ ++ vmalof ($ACC0,$H3,$S2,$ACC0); ++ vmalof ($ACC1,$H3,$S3,$ACC1); ++ vmalof ($ACC2,$H3,$S4,$ACC2); ++ vmalof ($ACC3,$H3,$R0,$ACC3); ++ vmalof ($ACC4,$H3,$R1,$ACC4); ++ ++ vmalof ($ACC0,$H4,$S1,$ACC0); ++ vmalof ($ACC1,$H4,$S2,$ACC1); ++ vmalof ($ACC2,$H4,$S3,$ACC2); ++ vmalof ($ACC3,$H4,$S4,$ACC3); ++ vmalof ($ACC4,$H4,$R0,$ACC4); ++ ++ ################################################################ ++ # horizontal addition ++ ++ vzero ($H0); ++ vsumqg ($ACC0,$ACC0,$H0); ++ vsumqg ($ACC1,$ACC1,$H0); ++ vsumqg 
($ACC2,$ACC2,$H0); ++ vsumqg ($ACC3,$ACC3,$H0); ++ vsumqg ($ACC4,$ACC4,$H0); ++ ++ ################################################################ ++ # lazy reduction ++ ++ vesrlg ($H4,$ACC3,26); ++ vesrlg ($H1,$ACC0,26); ++ vn ($H3,$ACC3,$mask26); ++ vn ($H0,$ACC0,$mask26); ++ vag ($H4,$H4,$ACC4); # h3 -> h4 ++ vag ($H1,$H1,$ACC1); # h0 -> h1 ++ ++ vesrlg ($ACC4,$H4,26); ++ vesrlg ($ACC1,$H1,26); ++ vn ($H4,$H4,$mask26); ++ vn ($H1,$H1,$mask26); ++ vag ($H0,$H0,$ACC4); ++ vag ($H2,$ACC2,$ACC1); # h1 -> h2 ++ ++ veslg ($ACC4,$ACC4,2); # <<2 ++ vesrlg ($ACC2,$H2,26); ++ vn ($H2,$H2,$mask26); ++ vag ($H0,$H0,$ACC4); # h4 -> h0 ++ vag ($H3,$H3,$ACC2); # h2 -> h3 ++ ++ vesrlg ($ACC0,$H0,26); ++ vesrlg ($ACC3,$H3,26); ++ vn ($H0,$H0,$mask26); ++ vn ($H3,$H3,$mask26); ++ vag ($H1,$H1,$ACC0); # h0 -> h1 ++ vag ($H4,$H4,$ACC3); # h3 -> h4 ++ ++&{$z? \&clgfi:\&clfi} ($len,0); ++ je (".Ldone"); ++ ++ vlm ($T1,$T4,"0x00($inp)"); # load last partial block ++ vgmg ($mask26,6,31); ++ vgmf ($I4,5,5); # padbit<<2 ++ ++ vperm ($I0,$T3,$T4,$bswaplo); ++ vperm ($I2,$T3,$T4,$bswapmi); ++ vperm ($T3,$T3,$T4,$bswaphi); ++ ++ vl ($ACC0,"0x30($len,%r1)"); # borrow $ACC0,1 ++ vl ($ACC1,"0x60($len,%r1)"); ++ ++ verimg ($I1,$I0,$mask26,6); # >>26 ++ veslg ($I0,$I0,32); ++ veslg ($I2,$I2,28); # >>4 ++ verimg ($I3,$T3,$mask26,18); # >>14 ++ verimg ($I4,$T3,$mask26,58); # >>38 ++ vn ($I0,$I0,$mask26); ++ vn ($I2,$I2,$mask26); ++ vesrlf ($I4,$I4,2); # >>2 ++ ++ vgmg ($mask26,38,63); ++ vperm ($T3,$T1,$T2,$bswaplo); ++ vperm ($T4,$T1,$T2,$bswaphi); ++ vperm ($T2,$T1,$T2,$bswapmi); ++ ++ verimg ($I0,$T3,$mask26,0); ++ verimg ($I1,$T3,$mask26,38); # >>26 ++ verimg ($I2,$T2,$mask26,60); # >>4 ++ verimg ($I3,$T4,$mask26,50); # >>14 ++ vesrlg ($T4,$T4,40); ++ vo ($I4,$I4,$T4); ++ ++ vperm ($H0,$H0,$H0,$ACC0); # move hash to right lane ++ vn ($I0,$I0,$ACC1); # mask redundant lane[s] ++ vperm ($H1,$H1,$H1,$ACC0); ++ vn ($I1,$I1,$ACC1); ++ vperm ($H2,$H2,$H2,$ACC0); ++ vn ($I2,$I2,$ACC1); ++ vperm 
($H3,$H3,$H3,$ACC0); ++ vn ($I3,$I3,$ACC1); ++ vperm ($H4,$H4,$H4,$ACC0); ++ vn ($I4,$I4,$ACC1); ++ ++ vaf ($I0,$I0,$H0); # accumulate hash ++ vzero ($H0); # wipe hash value ++ vaf ($I1,$I1,$H1); ++ vzero ($H1); ++ vaf ($I2,$I2,$H2); ++ vzero ($H2); ++ vaf ($I3,$I3,$H3); ++ vzero ($H3); ++ vaf ($I4,$I4,$H4); ++ vzero ($H4); ++ ++&{$z? \&lghi:\&lhi} ($len,0); ++ j (".Last"); ++ # I don't bother to tell apart cases when only one multiplication ++ # pass is sufficient, because I argue that mispredicted branch ++ # penalties are comparable to overhead of sometimes redundant ++ # multiplication pass... ++ ++LABEL (".Ldone"); ++ vstef ($H0,"0($ctx)",3); # store hash base 2^26 ++ vstef ($H1,"4($ctx)",3); ++ vstef ($H2,"8($ctx)",3); ++ vstef ($H3,"12($ctx)",3); ++ vstef ($H4,"16($ctx)",3); ++ ++if ($z) { ++ ld ("%f8","$stdframe+0*8($sp)"); ++ ld ("%f9","$stdframe+1*8($sp)"); ++ ld ("%f10","$stdframe+2*8($sp)"); ++ ld ("%f11","$stdframe+3*8($sp)"); ++ ld ("%f12","$stdframe+4*8($sp)"); ++ ld ("%f13","$stdframe+5*8($sp)"); ++ ld ("%f14","$stdframe+6*8($sp)"); ++ ld ("%f15","$stdframe+7*8($sp)"); ++&{$z? \&lmg:\&lm} ("%r10","%r15","$stdframe+8*8+10*$SIZE_T($sp)"); ++} else { ++ ld ("%f4","$stdframe+16*$SIZE_T+2*8($sp)"); ++ ld ("%f6","$stdframe+16*$SIZE_T+3*8($sp)"); ++&{$z? \&lmg:\&lm} ("%r10","%r15","$stdframe+10*$SIZE_T($sp)"); ++} ++ br ("%r14"); ++SIZE ("__poly1305_blocks_vx",".-__poly1305_blocks_vx"); ++} ++ + ################ + # static void poly1305_emit(void *ctx, unsigned char mac[16], + # const u32 nonce[4]) + { +-my ($ctx,$mac,$nonce) = map("%r$_",(2..4)); +-my ($h0,$h1,$h2,$d0,$d1)=map("%r$_",(5..9)); ++my ($mac,$nonce)=($inp,$len); ++my ($h0,$h1,$h2,$d0,$d1,$d2)=map("%r$_",(5..10)); + + GLOBL ("poly1305_emit"); + TYPE ("poly1305_emit","\@function"); + ALIGN (16); + LABEL ("poly1305_emit"); +-&{$z? \&stmg:\&stm} ("%r6","%r9","6*$SIZE_T($sp)"); ++LABEL (".Lpoly1305_emit"); ++&{$z? 
\&stmg:\&stm} ("%r6","%r10","6*$SIZE_T($sp)"); ++ ++ lg ($d0,"0($ctx)"); ++ lg ($d1,"8($ctx)"); ++ lg ($d2,"16($ctx)"); ++ ++ llgfr ("%r0",$d0); # base 2^26 -> base 2^64 ++ srlg ($h0,$d0,32); ++ llgfr ("%r1",$d1); ++ srlg ($h1,$d1,32); ++ srlg ($h2,$d2,32); ++ ++ sllg ("%r0","%r0",26); ++ algr ($h0,"%r0"); ++ sllg ("%r0",$h1,52); ++ srlg ($h1,$h1,12); ++ sllg ("%r1","%r1",14); ++ algr ($h0,"%r0"); ++ alcgr ($h1,"%r1"); ++ sllg ("%r0",$h2,40); ++ srlg ($h2,$h2,24); ++ lghi ("%r1",0); ++ algr ($h1,"%r0"); ++ alcgr ($h2,"%r1"); + +- lg ($h0,"0($ctx)"); +- lg ($h1,"8($ctx)"); +- lg ($h2,"16($ctx)"); ++ llgf ("%r0","24($ctx)"); # is_base2_26 ++ lcgr ("%r0","%r0"); ++ ++ xgr ($h0,$d0); # choose between radixes ++ xgr ($h1,$d1); ++ xgr ($h2,$d2); ++ ngr ($h0,"%r0"); ++ ngr ($h1,"%r0"); ++ ngr ($h2,"%r0"); ++ xgr ($h0,$d0); ++ xgr ($h1,$d1); ++ xgr ($h2,$d2); + + lghi ("%r0",5); +- lghi ("%r1",0); + lgr ($d0,$h0); + lgr ($d1,$h1); + +- algr ($h0,"%r0"); # compare to modulus ++ algr ($h0,"%r0"); # compare to modulus + alcgr ($h1,"%r1"); + alcgr ($h2,"%r1"); + +- srlg ($h2,$h2,2); # did it borrow/carry? +- slgr ("%r1",$h2); # 0-$h2>>2 +- lg ($h2,"0($nonce)"); # load nonce +- lghi ("%r0",-1); ++ srlg ($h2,$h2,2); # did it borrow/carry? ++ slgr ("%r1",$h2); # 0-$h2>>2 ++ lg ($d2,"0($nonce)"); # load nonce + lg ($ctx,"8($nonce)"); +- xgr ("%r0","%r1"); # ~%r1 + ++ xgr ($h0,$d0); ++ xgr ($h1,$d1); + ngr ($h0,"%r1"); +- ngr ($d0,"%r0"); + ngr ($h1,"%r1"); +- ngr ($d1,"%r0"); +- ogr ($h0,$d0); +- rllg ($d0,$h2,32); # flip nonce words +- ogr ($h1,$d1); ++ xgr ($h0,$d0); ++ rllg ($d0,$d2,32); # flip nonce words ++ xgr ($h1,$d1); + rllg ($d1,$ctx,32); + +- algr ($h0,$d0); # accumulate nonce ++ algr ($h0,$d0); # accumulate nonce + alcgr ($h1,$d1); + +- strvg ($h0,"0($mac)"); # write little-endian result ++ strvg ($h0,"0($mac)"); # write little-endian result + strvg ($h1,"8($mac)"); + +-&{$z? \&lmg:\&lm} ("%r6","%r9","6*$SIZE_T($sp)"); ++&{$z? 
\&lmg:\&lm} ("%r6","%r10","6*$SIZE_T($sp)"); + br ("%r14"); + SIZE ("poly1305_emit",".-poly1305_emit"); + } +-} ++ + ################ + +-ALIGN (128); ++ALIGN (16); + LABEL (".Lconst"); +-LONG (0x00060504,0x03020100,0x00161514,0x13121110); # vperm op[m[1],m[0]] +-LONG (0x000c0b0a,0x09080706,0x001c1b1a,0x19181716); # vperm op[m[3],m[2]] +-LONG (0x00000000,0x000f0e0d,0x00000000,0x001f1e1d); # vperm op[ - ,m[4]] +-LONG (0x00000000,0x03ffffff,0x00000000,0x03ffffff); # [0,2^26-1,0,2^26-1] +-LONG (0x0f0e0d0c,0x0b0a0908,0x07060504,0x03020100); # vperm op endian ++LONG (0x04050607,0x14151617,0x0c0d0e0f,0x1c1d1e1f); # merge odd ++LONG (0x07060504,0x03020100,0x17161514,0x13121110); # byte swap masks ++LONG (0x0f0e0d0c,0x0b0a0908,0x1f1e1d1c,0x1b1a1918); ++LONG (0x00000000,0x09080706,0x00000000,0x19181716); ++ ++LONG (0x00000000,0x00000000,0x00000000,0x0c0d0e0f); # magic tail masks ++LONG (0x0c0d0e0f,0x00000000,0x00000000,0x00000000); ++LONG (0x00000000,0x00000000,0x0c0d0e0f,0x00000000); ++ ++LONG (0xffffffff,0x00000000,0xffffffff,0xffffffff); ++LONG (0xffffffff,0x00000000,0xffffffff,0x00000000); ++LONG (0x00000000,0x00000000,0xffffffff,0x00000000); ++ + STRING ("\"Poly1305 for s390x, CRYPTOGAMS by \""); + + PERLASM_END(); +diff --git a/crypto/poly1305/build.info b/crypto/poly1305/build.info +index 4e4dcca521..b730524afb 100644 +--- a/crypto/poly1305/build.info ++++ b/crypto/poly1305/build.info +@@ -18,6 +18,7 @@ INCLUDE[poly1305-armv8.o]=.. + GENERATE[poly1305-mips.S]=asm/poly1305-mips.pl $(PERLASM_SCHEME) + INCLUDE[poly1305-mips.o]=.. + GENERATE[poly1305-s390x.S]=asm/poly1305-s390x.pl $(PERLASM_SCHEME) ++INCLUDE[poly1305-s390x.o]=.. 
+
+ BEGINRAW[Makefile(unix)]
+ {- $builddir -}/poly1305-%.S: {- $sourcedir -}/asm/poly1305-%.pl
+--
+2.25.1
+
diff -Nru openssl-1.1.1l/debian/patches/0009-s390x-assembly-pack-allow-alignment-hints-for-vector.patch openssl-1.1.1l/debian/patches/0009-s390x-assembly-pack-allow-alignment-hints-for-vector.patch
--- openssl-1.1.1l/debian/patches/0009-s390x-assembly-pack-allow-alignment-hints-for-vector.patch 1970-01-01 01:00:00.000000000 +0100
+++ openssl-1.1.1l/debian/patches/0009-s390x-assembly-pack-allow-alignment-hints-for-vector.patch 2021-02-23 22:43:42.000000000 +0100
@@ -0,0 +1,64 @@
+From a8ad22a341dc1ac377453d59e5f6db49b9bf2a0b Mon Sep 17 00:00:00 2001
+From: Patrick Steuer
+Date: Thu, 7 Feb 2019 16:44:05 +0100
+Subject: [PATCH 09/25] s390x assembly pack: allow alignment hints for vector
+ load/store
+
+z14 introduced alignment hints to help vector load/store
+performance. For its predecessors, alignment hint defaults
+to 0 (no alignment indicated).
+
+Signed-off-by: Patrick Steuer
+
+Reviewed-by: Paul Dale
+Reviewed-by: Richard Levitte
+(Merged from https://github.com/openssl/openssl/pull/8181)
+
+(cherry picked from commit 11aad862850cb2e639756e7126216b6cf38af26b)
+---
+ crypto/perlasm/s390x.pm | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/crypto/perlasm/s390x.pm b/crypto/perlasm/s390x.pm
+index 5f3a49dd0c..c00218a0cc 100644
+--- a/crypto/perlasm/s390x.pm
++++ b/crypto/perlasm/s390x.pm
+@@ -250,7 +250,7 @@ sub vgmg {
+ }
+
+ sub vl {
+- confess(err("ARGNUM")) if ($#_!=1);
++ confess(err("ARGNUM")) if ($#_<1||$#_>2);
+ VRX(0xe706,@_);
+ }
+
+@@ -345,7 +345,7 @@ sub vllezg {
+ }
+
+ sub vlm {
+- confess(err("ARGNUM")) if ($#_!=2);
++ confess(err("ARGNUM")) if ($#_<2||$#_>3);
+ VRSa(0xe736,@_);
+ }
+
+@@ -548,7 +548,7 @@ sub vsegf {
+ }
+
+ sub vst {
+- confess(err("ARGNUM")) if ($#_!=1);
++ confess(err("ARGNUM")) if ($#_<1||$#_>2);
+ VRX(0xe70e,@_);
+ }
+
+@@ -570,7 +570,7 @@ sub vsteg {
+ }
+
+ sub vstm {
+- confess(err("ARGNUM")) if ($#_!=2);
++ confess(err("ARGNUM")) if ($#_<2||$#_>3);
+ VRSa(0xe73e,@_);
+ }
+
+--
+2.25.1
+
diff -Nru openssl-1.1.1l/debian/patches/0010-s390x-assembly-pack-update-perlasm-module.patch openssl-1.1.1l/debian/patches/0010-s390x-assembly-pack-update-perlasm-module.patch
--- openssl-1.1.1l/debian/patches/0010-s390x-assembly-pack-update-perlasm-module.patch 1970-01-01 01:00:00.000000000 +0100
+++ openssl-1.1.1l/debian/patches/0010-s390x-assembly-pack-update-perlasm-module.patch 2021-02-23 22:43:42.000000000 +0100
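Review bot: The relaxed ARGNUM checks in `vl`, `vlm`, `vst` and `vstm` accept one extra trailing operand, but nothing in these four hunks says what that operand is or what values are valid for it. The commit message identifies it as the z14 alignment hint, so I would record that on each wrapper, e.g. `# optional last operand: alignment hint, 0 (default) = no alignment indicated`. Whether `VRX` and `VRSa` default the hint to 0 when it is omitted and reject out-of-range values cannot be seen here, because both encoders are defined outside these hunks; that is worth confirming, since these wrappers only check the operand count.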
@@ -0,0 +1,173 @@
+From efac7d142fff9d89ca47a425f9caac4c1ad205e6 Mon Sep 17 00:00:00 2001
+From: Patrick Steuer
+Date: Mon, 25 Mar 2019 18:20:27 +0100
+Subject: [PATCH 10/25] s390x assembly pack: update perlasm module
+
+Add non-base instructions which are used by the chacha20 and
+poly1305 modules.
+
+Signed-off-by: Patrick Steuer
+
+Reviewed-by: Paul Dale
+Reviewed-by: Richard Levitte
+(Merged from https://github.com/openssl/openssl/pull/8181)
+
+(cherry picked from commit 3062468b0aa0eaa287e44689157d97774fd5817e)
+---
+ crypto/perlasm/s390x.pm | 86 ++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 84 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/perlasm/s390x.pm b/crypto/perlasm/s390x.pm
+index c00218a0cc..7fb55c780c 100644
+--- a/crypto/perlasm/s390x.pm
++++ b/crypto/perlasm/s390x.pm
+@@ -6,23 +6,37 @@
+ # in the file LICENSE in the source distribution or at
+ # https://www.openssl.org/source/license.html
+
+-# Copyright IBM Corp. 2018
++# Copyright IBM Corp. 2018-2019
+ # Author: Patrick Steuer
+
+ package perlasm::s390x;
+
+ use strict;
+ use warnings;
++use bigint;
+ use Carp qw(confess);
+ use Exporter qw(import);
+
+ our @EXPORT=qw(PERLASM_BEGIN PERLASM_END);
+ our @EXPORT_OK=qw(AUTOLOAD LABEL INCLUDE stfle);
+ our %EXPORT_TAGS=(
++ # long-displacement facility
++ LD => [qw(clgfi)],
++ # general-instruction-extension facility
++ GE => [qw(risbg)],
++ # extended-immediate facility
++ EI => [qw(lt)],
++ # miscellaneous-instruction-extensions facility 1
++ MI1 => [qw(risbgn)],
++ # message-security assist
+ MSA => [qw(kmac km kmc kimd klmd)],
++ # message-security-assist extension 4
+ MSA4 => [qw(kmf kmo pcc kmctr)],
++ # message-security-assist extension 5
+ MSA5 => [qw(ppno prno)],
++ # message-security-assist extension 8
+ MSA8 => [qw(kma)],
++ # vector facility
+ VX => [qw(vgef vgeg vgbm vzero vone vgm vgmb vgmh vgmf vgmg
+ vl vlr vlrep vlrepb vlreph vlrepf vlrepg vleb vleh vlef vleg vleib
+ vleih vleif vleig vlgv vlgvb vlgvh vlgvf vlgvg
vllez vllezb vllezh
+@@ -71,6 +85,7 @@ our %EXPORT_TAGS=(
+ wfmadb vfms vfmsdb wfmsdb vfpso vfpsodb wfpsodb vflcdb wflcdb
+ vflndb wflndb vflpdb wflpdb vfsq vfsqdb wfsqdb vfs vfsdb wfsdb
+ vftci vftcidb wftcidb)],
++ # vector-enhancements facility 1
+ VXE => [qw(vbperm vllezlf vmsl vmslg vnx vnn voc vpopctb vpopcth
+ vpopctf vpopctg vfasb wfasb wfaxb wfcsb wfcxb wfksb wfkxb vfcesb
+ vfcesbs wfcesb wfcesbs wfcexb wfcexbs vfchsb vfchsbs wfchsb wfchsbs
+@@ -83,10 +98,11 @@ our %EXPORT_TAGS=(
+ wfnmsxb vfpsosb wfpsosb vflcsb wflcsb vflnsb wflnsb vflpsb wflpsb
+ vfpsoxb wfpsoxb vflcxb wflcxb vflnxb wflnxb vflpxb wflpxb vfsqsb
+ wfsqsb wfsqxb vfssb wfssb wfsxb vftcisb wftcisb wftcixb)],
++ # vector-packed-decimal facility
+ VXD => [qw(vlrlr vlrl vstrlr vstrl vap vcp vcvb vcvbg vcvd vcvdg vdp
+ vlip vmp vmsp vpkz vpsop vrp vsdp vsrp vsp vtp vupkz)],
+ );
+-Exporter::export_ok_tags(qw(MSA MSA4 MSA5 MSA8 VX VXE VXD));
++Exporter::export_ok_tags(qw(LD GE EI MI1 MSA MSA4 MSA5 MSA8 VX VXE VXD));
+
+ our $AUTOLOAD;
+
+@@ -143,6 +159,28 @@ sub stfle {
+ S(0xb2b0,@_);
+ }
+
++# MISC
++
++sub clgfi {
++ confess(err("ARGNUM")) if ($#_!=1);
++ RILa(0xc2e,@_);
++}
++
++sub lt {
++ confess(err("ARGNUM")) if ($#_!=1);
++ RXYa(0xe312,@_);
++}
++
++sub risbg {
++ confess(err("ARGNUM")) if ($#_<3||$#_>4);
++ RIEf(0xec55,@_);
++}
++
++sub risbgn {
++ confess(err("ARGNUM")) if ($#_<3||$#_>4);
++ RIEf(0xec59,@_);
++}
++
+ # MSA
+
+ sub kmac {
+@@ -2486,6 +2524,36 @@ sub vupkz {
+ # Instruction Formats
+ #
+
++sub RIEf {
++ confess(err("ARGNUM")) if ($#_<4||5<$#_);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$r1,$r2,$i3,$i4,$i5)=(shift,get_R(shift),get_R(shift),
++ get_I(shift,8),get_I(shift,8),
++ get_I(shift,8));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",(($opcode>>8)<<8|$r1<<4|$r2)).",";
++ $out.=sprintf("%#06x",($i3<<8)|$i4).",";
++ $out.=sprintf("%#06x",($i5<<8)|($opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub RILa {
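Review bot: `use bigint;` in the first hunk is enabled at file scope with no comment, so integer constants and arithmetic throughout the module become Math::BigInt operations, not only in the encoders this patch adds. If the reason is the 32-bit immediate handled by `RILa` (an inference; the commit message does not say), a line such as `# bigint: keep 32-bit immediates exact regardless of the perl's native integer width` next to the pragma would record it. The existing encoders lie outside this hunk, so the effect on their `sprintf("%#06x", ...)` calls cannot be checked from here and is worth a regression run of the generated assembly.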
++ confess(err("ARGNUM")) if ($#_!=2);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$r1,$i2)=(shift,get_R(shift),get_I(shift,32));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",(($opcode>>4)<<8|$r1<<4|($opcode&0xf))).",";
++ $out.=sprintf("%#06x",($i2>>16)).",";
++ $out.=sprintf("%#06x",($i2&0xffff));
++ $out.="\t# $memn\t$ops\n"
++}
++
+ sub RRE {
+ confess(err("ARGNUM")) if ($#_<0||2<$#_);
+ my $ops=join(',',@_[1..$#_]);
+@@ -2510,6 +2578,20 @@ sub RRFb {
+ $out.="\t# $memn\t$ops\n"
+ }
+
++sub RXYa {
++ confess(err("ARGNUM")) if ($#_!=2);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$r1,$d2,$x2,$b2)=(shift,get_R(shift),get_DXB(shift));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",(($opcode>>8)<<8|$r1<<4|$x2)).",";
++ $out.=sprintf("%#06x",($b2<<12|($d2&0xfff))).",";
++ $out.=sprintf("%#06x",(($d2>>12)<<8|$opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
+ sub S {
+ confess(err("ARGNUM")) if ($#_<0||1<$#_);
+ my $ops=join(',',@_[1..$#_]);
+--
+2.25.1
+
diff -Nru openssl-1.1.1l/debian/patches/0011-s390x-assembly-pack-remove-chacha20-dependency-on-no.patch openssl-1.1.1l/debian/patches/0011-s390x-assembly-pack-remove-chacha20-dependency-on-no.patch
--- openssl-1.1.1l/debian/patches/0011-s390x-assembly-pack-remove-chacha20-dependency-on-no.patch 1970-01-01 01:00:00.000000000 +0100
+++ openssl-1.1.1l/debian/patches/0011-s390x-assembly-pack-remove-chacha20-dependency-on-no.patch 2021-02-23 22:43:42.000000000 +0100
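Review bot: `RIEf` admits a call without the last immediate (`$#_<4||5<$#_`, matching `risbg`/`risbgn` taking four or five operands) but still evaluates `get_I(shift,8)` for `$i5`, which then receives an undefined value. `get_I` is defined outside this hunk, so whether it yields 0, warns under `use warnings` or confesses cannot be seen here; an explicit default keeps the emitted `.word` deterministic, e.g. replace the last field with `get_I((@_?shift(@_):0),8)`. In `RILa`, `$i2>>16` is also emitted unmasked and relies on `get_I(shift,32)` having bounded the value.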
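Review bot: In `RXYa` the high displacement byte is emitted as `(($d2>>12)<<8|$opcode&0xff)` with no mask on `$d2>>12`, so a displacement that does not fit in 20 bits (or a negative one) would put bits above the 16-bit halfword into the output instead of being truncated or rejected. Whether `get_DXB` already limits `$d2` cannot be seen, as it is defined outside this hunk. Masking locally is cheap: `$out.=sprintf("%#06x",((($d2>>12)&0xff)<<8|($opcode&0xff)));`, and the explicit parentheses around `$opcode&0xff` match the style of `RIEf` and `RILa`.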
@@ -0,0 +1,33 @@
+From 292cd2879dc6dcd1923e606a0ebc719425f643b9 Mon Sep 17 00:00:00 2001
+From: Patrick Steuer
+Date: Mon, 25 Mar 2019 18:22:02 +0100
+Subject: [PATCH 11/25] s390x assembly pack: remove chacha20 dependency on
+ non-base memnonics
+
+Signed-off-by: Patrick Steuer
+
+Reviewed-by: Paul Dale
+Reviewed-by: Richard Levitte
+(Merged from https://github.com/openssl/openssl/pull/8181)
+
+(cherry picked from commit 302aa3c26d9e716ed4a3fba453faafa7acadf22c)
+---
+ crypto/chacha/asm/chacha-s390x.pl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/chacha/asm/chacha-s390x.pl b/crypto/chacha/asm/chacha-s390x.pl
+index 040ce391c0..16a90c6ae6 100755
+--- a/crypto/chacha/asm/chacha-s390x.pl
++++ b/crypto/chacha/asm/chacha-s390x.pl
+@@ -40,7 +40,7 @@
+ use strict;
+ use FindBin qw($Bin);
+ use lib "$Bin/../..";
+-use perlasm::s390x qw(:DEFAULT :VX AUTOLOAD LABEL INCLUDE);
++use perlasm::s390x qw(:DEFAULT :VX :LD AUTOLOAD LABEL INCLUDE);
+
+ my $flavour = shift;
+
+--
+2.25.1
+
diff -Nru openssl-1.1.1l/debian/patches/0012-s390x-assembly-pack-remove-poly1305-dependency-on-no.patch openssl-1.1.1l/debian/patches/0012-s390x-assembly-pack-remove-poly1305-dependency-on-no.patch
--- openssl-1.1.1l/debian/patches/0012-s390x-assembly-pack-remove-poly1305-dependency-on-no.patch 1970-01-01 01:00:00.000000000 +0100
+++ openssl-1.1.1l/debian/patches/0012-s390x-assembly-pack-remove-poly1305-dependency-on-no.patch 2021-02-23 22:43:42.000000000 +0100
@@ -0,0 +1,33 @@
+From 7ecac2c4326ab42e85ffd98e7ce137c11fb54121 Mon Sep 17 00:00:00 2001
+From: Patrick Steuer
+Date: Mon, 25 Mar 2019 18:23:59 +0100
+Subject: [PATCH 12/25] s390x assembly pack: remove poly1305 dependency on
+ non-base memnonics
+
+Signed-off-by: Patrick Steuer
+
+Reviewed-by: Paul Dale
+Reviewed-by: Richard Levitte
+(Merged from https://github.com/openssl/openssl/pull/8181)
+
+(cherry picked from commit 5ee08f45bcabc3cef0d7d7b2aa6ecad12ca4197b)
+---
+ crypto/poly1305/asm/poly1305-s390x.pl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/poly1305/asm/poly1305-s390x.pl b/crypto/poly1305/asm/poly1305-s390x.pl
+index 5ee527a47b..4f4ed47665 100755
+--- a/crypto/poly1305/asm/poly1305-s390x.pl
++++ b/crypto/poly1305/asm/poly1305-s390x.pl
+@@ -45,7 +45,7 @@
+ use strict;
+ use FindBin qw($Bin);
+ use lib "$Bin/../..";
+-use perlasm::s390x qw(:DEFAULT :VX AUTOLOAD LABEL INCLUDE);
++use perlasm::s390x qw(:DEFAULT :LD :GE :EI :MI1 :VX AUTOLOAD LABEL INCLUDE);
+
+ my $flavour = shift;
+
+--
+2.25.1
+
diff -Nru openssl-1.1.1l/debian/patches/0013-fix-strict-warnings-build.patch openssl-1.1.1l/debian/patches/0013-fix-strict-warnings-build.patch
--- openssl-1.1.1l/debian/patches/0013-fix-strict-warnings-build.patch 1970-01-01 01:00:00.000000000 +0100
+++ openssl-1.1.1l/debian/patches/0013-fix-strict-warnings-build.patch 2021-02-23 22:43:42.000000000 +0100
@@ -0,0 +1,694 @@
+From 4d323fecdc733e6da6ab40951e26b9a65c403f3b Mon Sep 17 00:00:00 2001
+From: Patrick Steuer
+Date: Sun, 7 Apr 2019 13:48:15 +0200
+Subject: [PATCH 13/25] fix --strict-warnings build
+
+ISO C90 forbids specifying subobject to initialize
+
+Signed-off-by: Patrick Steuer
+
+Reviewed-by: Richard Levitte
+Reviewed-by: Paul Dale
+(Merged from https://github.com/openssl/openssl/pull/8693)
+
+(cherry picked from commit 61d7045bd234d82b689ad314bfe57bfc478358fb)
+---
+ crypto/s390xcap.c | 612 +++++++++++++++++++++++-----------------------
+ 1 file changed, 306 insertions(+), 306 deletions(-)
+
+diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c
+index db1ee9d4cb..11e7ea4cc7 100644
+--- a/crypto/s390xcap.c
++++ b/crypto/s390xcap.c
+@@ -152,17 +152,17 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap)
+ * Facility detection would fail on real hw (no STFLE).
+ */
+ static const struct OPENSSL_s390xcap_st z900 = {
+- .stfle = {0ULL, 0ULL, 0ULL, 0ULL},
+- .kimd = {0ULL, 0ULL},
+- .klmd = {0ULL, 0ULL},
+- .km = {0ULL, 0ULL},
+- .kmc = {0ULL, 0ULL},
+- .kmac = {0ULL, 0ULL},
+- .kmctr = {0ULL, 0ULL},
+- .kmo = {0ULL, 0ULL},
+- .kmf = {0ULL, 0ULL},
+- .prno = {0ULL, 0ULL},
+- .kma = {0ULL, 0ULL},
++ /*.stfle = */{0ULL, 0ULL, 0ULL, 0ULL},
++ /*.kimd = */{0ULL, 0ULL},
++ /*.klmd = */{0ULL, 0ULL},
++ /*.km = */{0ULL, 0ULL},
++ /*.kmc = */{0ULL, 0ULL},
++ /*.kmac = */{0ULL, 0ULL},
++ /*.kmctr = */{0ULL, 0ULL},
++ /*.kmo = */{0ULL, 0ULL},
++ /*.kmf = */{0ULL, 0ULL},
++ /*.prno = */{0ULL, 0ULL},
++ /*.kma = */{0ULL, 0ULL},
+ };
+
+ /*-
+@@ -170,25 +170,25 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap)
+ * Implements MSA. Facility detection would fail on real hw (no STFLE).
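Review bot: Dropping the designators makes every initializer in the `z900` table positional, so each mask now reaches its field purely by its position in the declaration of `struct OPENSSL_s390xcap_st`, and the `/*.kimd = */` markers are comments the compiler never checks. A later reorder or insertion of a member would silently move capability masks between instructions (for example the `km` bits into `kmc`) with no diagnostic; the same applies to the z990, z9, z10, z196, zEC12 and z13 hunks that follow. I would add a comment above the first table, `/* Positional initializers (C90): order MUST match struct OPENSSL_s390xcap_st */`, and ideally the same reminder at the struct declaration, which is not part of this diff. The enclosing `parse_env` begins before and continues after the hunk.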
+ */ + static const struct OPENSSL_s390xcap_st z990 = { +- .stfle = {S390X_CAPBIT(S390X_MSA), +- 0ULL, 0ULL, 0ULL}, +- .kimd = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_SHA_1), +- 0ULL}, +- .klmd = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_SHA_1), +- 0ULL}, +- .km = {S390X_CAPBIT(S390X_QUERY), +- 0ULL}, +- .kmc = {S390X_CAPBIT(S390X_QUERY), +- 0ULL}, +- .kmac = {S390X_CAPBIT(S390X_QUERY), +- 0ULL}, +- .kmctr = {0ULL, 0ULL}, +- .kmo = {0ULL, 0ULL}, +- .kmf = {0ULL, 0ULL}, +- .prno = {0ULL, 0ULL}, +- .kma = {0ULL, 0ULL}, ++ /*.stfle = */{S390X_CAPBIT(S390X_MSA), ++ 0ULL, 0ULL, 0ULL}, ++ /*.kimd = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1), ++ 0ULL}, ++ /*.klmd = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1), ++ 0ULL}, ++ /*.km = */{S390X_CAPBIT(S390X_QUERY), ++ 0ULL}, ++ /*.kmc = */{S390X_CAPBIT(S390X_QUERY), ++ 0ULL}, ++ /*.kmac = */{S390X_CAPBIT(S390X_QUERY), ++ 0ULL}, ++ /*.kmctr = */{0ULL, 0ULL}, ++ /*.kmo = */{0ULL, 0ULL}, ++ /*.kmf = */{0ULL, 0ULL}, ++ /*.prno = */{0ULL, 0ULL}, ++ /*.kma = */{0ULL, 0ULL}, + }; + + /*- +@@ -196,30 +196,30 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) + * Implements MSA and MSA1. 
+ */ + static const struct OPENSSL_s390xcap_st z9 = { +- .stfle = {S390X_CAPBIT(S390X_MSA) +- | S390X_CAPBIT(S390X_STCKF), +- 0ULL, 0ULL, 0ULL}, +- .kimd = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_SHA_1) +- | S390X_CAPBIT(S390X_SHA_256), +- 0ULL}, +- .klmd = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_SHA_1) +- | S390X_CAPBIT(S390X_SHA_256), +- 0ULL}, +- .km = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128), +- 0ULL}, +- .kmc = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128), +- 0ULL}, +- .kmac = {S390X_CAPBIT(S390X_QUERY), +- 0ULL}, +- .kmctr = {0ULL, 0ULL}, +- .kmo = {0ULL, 0ULL}, +- .kmf = {0ULL, 0ULL}, +- .prno = {0ULL, 0ULL}, +- .kma = {0ULL, 0ULL}, ++ /*.stfle = */{S390X_CAPBIT(S390X_MSA) ++ | S390X_CAPBIT(S390X_STCKF), ++ 0ULL, 0ULL, 0ULL}, ++ /*.kimd = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1) ++ | S390X_CAPBIT(S390X_SHA_256), ++ 0ULL}, ++ /*.klmd = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1) ++ | S390X_CAPBIT(S390X_SHA_256), ++ 0ULL}, ++ /*.km = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128), ++ 0ULL}, ++ /*.kmc = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128), ++ 0ULL}, ++ /*.kmac = */{S390X_CAPBIT(S390X_QUERY), ++ 0ULL}, ++ /*.kmctr = */{0ULL, 0ULL}, ++ /*.kmo = */{0ULL, 0ULL}, ++ /*.kmf = */{0ULL, 0ULL}, ++ /*.prno = */{0ULL, 0ULL}, ++ /*.kma = */{0ULL, 0ULL}, + }; + + /*- +@@ -227,36 +227,36 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) + * Implements MSA and MSA1-2. 
+ */ + static const struct OPENSSL_s390xcap_st z10 = { +- .stfle = {S390X_CAPBIT(S390X_MSA) +- | S390X_CAPBIT(S390X_STCKF), +- 0ULL, 0ULL, 0ULL}, +- .kimd = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_SHA_1) +- | S390X_CAPBIT(S390X_SHA_256) +- | S390X_CAPBIT(S390X_SHA_512), +- 0ULL}, +- .klmd = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_SHA_1) +- | S390X_CAPBIT(S390X_SHA_256) +- | S390X_CAPBIT(S390X_SHA_512), +- 0ULL}, +- .km = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128) +- | S390X_CAPBIT(S390X_AES_192) +- | S390X_CAPBIT(S390X_AES_256), +- 0ULL}, +- .kmc = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128) +- | S390X_CAPBIT(S390X_AES_192) +- | S390X_CAPBIT(S390X_AES_256), +- 0ULL}, +- .kmac = {S390X_CAPBIT(S390X_QUERY), +- 0ULL}, +- .kmctr = {0ULL, 0ULL}, +- .kmo = {0ULL, 0ULL}, +- .kmf = {0ULL, 0ULL}, +- .prno = {0ULL, 0ULL}, +- .kma = {0ULL, 0ULL}, ++ /*.stfle = */{S390X_CAPBIT(S390X_MSA) ++ | S390X_CAPBIT(S390X_STCKF), ++ 0ULL, 0ULL, 0ULL}, ++ /*.kimd = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1) ++ | S390X_CAPBIT(S390X_SHA_256) ++ | S390X_CAPBIT(S390X_SHA_512), ++ 0ULL}, ++ /*.klmd = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1) ++ | S390X_CAPBIT(S390X_SHA_256) ++ | S390X_CAPBIT(S390X_SHA_512), ++ 0ULL}, ++ /*.km = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ /*.kmc = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ /*.kmac = */{S390X_CAPBIT(S390X_QUERY), ++ 0ULL}, ++ /*.kmctr = */{0ULL, 0ULL}, ++ /*.kmo = */{0ULL, 0ULL}, ++ /*.kmf = */{0ULL, 0ULL}, ++ /*.prno = */{0ULL, 0ULL}, ++ /*.kma = */{0ULL, 0ULL}, + }; + + /*- +@@ -264,55 +264,55 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) + * Implements MSA and MSA1-4. 
+ */ + static const struct OPENSSL_s390xcap_st z196 = { +- .stfle = {S390X_CAPBIT(S390X_MSA) +- | S390X_CAPBIT(S390X_STCKF), +- S390X_CAPBIT(S390X_MSA3) +- | S390X_CAPBIT(S390X_MSA4), +- 0ULL, 0ULL}, +- .kimd = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_SHA_1) +- | S390X_CAPBIT(S390X_SHA_256) +- | S390X_CAPBIT(S390X_SHA_512), +- S390X_CAPBIT(S390X_GHASH)}, +- .klmd = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_SHA_1) +- | S390X_CAPBIT(S390X_SHA_256) +- | S390X_CAPBIT(S390X_SHA_512), +- 0ULL}, +- .km = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128) +- | S390X_CAPBIT(S390X_AES_192) +- | S390X_CAPBIT(S390X_AES_256) +- | S390X_CAPBIT(S390X_XTS_AES_128) +- | S390X_CAPBIT(S390X_XTS_AES_256), +- 0ULL}, +- .kmc = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128) +- | S390X_CAPBIT(S390X_AES_192) +- | S390X_CAPBIT(S390X_AES_256), +- 0ULL}, +- .kmac = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128) +- | S390X_CAPBIT(S390X_AES_192) +- | S390X_CAPBIT(S390X_AES_256), +- 0ULL}, +- .kmctr = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128) +- | S390X_CAPBIT(S390X_AES_192) +- | S390X_CAPBIT(S390X_AES_256), +- 0ULL}, +- .kmo = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128) +- | S390X_CAPBIT(S390X_AES_192) +- | S390X_CAPBIT(S390X_AES_256), +- 0ULL}, +- .kmf = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128) +- | S390X_CAPBIT(S390X_AES_192) +- | S390X_CAPBIT(S390X_AES_256), +- 0ULL}, +- .prno = {0ULL, 0ULL}, +- .kma = {0ULL, 0ULL}, ++ /*.stfle = */{S390X_CAPBIT(S390X_MSA) ++ | S390X_CAPBIT(S390X_STCKF), ++ S390X_CAPBIT(S390X_MSA3) ++ | S390X_CAPBIT(S390X_MSA4), ++ 0ULL, 0ULL}, ++ /*.kimd = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1) ++ | S390X_CAPBIT(S390X_SHA_256) ++ | S390X_CAPBIT(S390X_SHA_512), ++ S390X_CAPBIT(S390X_GHASH)}, ++ /*.klmd = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1) ++ | S390X_CAPBIT(S390X_SHA_256) ++ | S390X_CAPBIT(S390X_SHA_512), ++ 0ULL}, ++ /*.km = 
*/{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256) ++ | S390X_CAPBIT(S390X_XTS_AES_128) ++ | S390X_CAPBIT(S390X_XTS_AES_256), ++ 0ULL}, ++ /*.kmc = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ /*.kmac = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ /*.kmctr = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ /*.kmo = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ /*.kmf = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ /*.prno = */{0ULL, 0ULL}, ++ /*.kma = */{0ULL, 0ULL}, + }; + + /*- +@@ -320,55 +320,55 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) + * Implements MSA and MSA1-4. 
+ */ + static const struct OPENSSL_s390xcap_st zEC12 = { +- .stfle = {S390X_CAPBIT(S390X_MSA) +- | S390X_CAPBIT(S390X_STCKF), +- S390X_CAPBIT(S390X_MSA3) +- | S390X_CAPBIT(S390X_MSA4), +- 0ULL, 0ULL}, +- .kimd = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_SHA_1) +- | S390X_CAPBIT(S390X_SHA_256) +- | S390X_CAPBIT(S390X_SHA_512), ++ /*.stfle = */{S390X_CAPBIT(S390X_MSA) ++ | S390X_CAPBIT(S390X_STCKF), ++ S390X_CAPBIT(S390X_MSA3) ++ | S390X_CAPBIT(S390X_MSA4), ++ 0ULL, 0ULL}, ++ /*.kimd = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1) ++ | S390X_CAPBIT(S390X_SHA_256) ++ | S390X_CAPBIT(S390X_SHA_512), + S390X_CAPBIT(S390X_GHASH)}, +- .klmd = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_SHA_1) +- | S390X_CAPBIT(S390X_SHA_256) +- | S390X_CAPBIT(S390X_SHA_512), +- 0ULL}, +- .km = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128) +- | S390X_CAPBIT(S390X_AES_192) +- | S390X_CAPBIT(S390X_AES_256) +- | S390X_CAPBIT(S390X_XTS_AES_128) +- | S390X_CAPBIT(S390X_XTS_AES_256), +- 0ULL}, +- .kmc = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128) +- | S390X_CAPBIT(S390X_AES_192) +- | S390X_CAPBIT(S390X_AES_256), +- 0ULL}, +- .kmac = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128) +- | S390X_CAPBIT(S390X_AES_192) +- | S390X_CAPBIT(S390X_AES_256), +- 0ULL}, +- .kmctr = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128) +- | S390X_CAPBIT(S390X_AES_192) +- | S390X_CAPBIT(S390X_AES_256), +- 0ULL}, +- .kmo = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128) +- | S390X_CAPBIT(S390X_AES_192) +- | S390X_CAPBIT(S390X_AES_256), +- 0ULL}, +- .kmf = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128) +- | S390X_CAPBIT(S390X_AES_192) +- | S390X_CAPBIT(S390X_AES_256), +- 0ULL}, +- .prno = {0ULL, 0ULL}, +- .kma = {0ULL, 0ULL}, ++ /*.klmd = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1) ++ | S390X_CAPBIT(S390X_SHA_256) ++ | S390X_CAPBIT(S390X_SHA_512), ++ 0ULL}, ++ /*.km = */{S390X_CAPBIT(S390X_QUERY) 
++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256) ++ | S390X_CAPBIT(S390X_XTS_AES_128) ++ | S390X_CAPBIT(S390X_XTS_AES_256), ++ 0ULL}, ++ /*.kmc = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ /*.kmac = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ /*.kmctr = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ /*.kmo = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ /*.kmf = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ /*.prno = */{0ULL, 0ULL}, ++ /*.kma = */{0ULL, 0ULL}, + }; + + /*- +@@ -376,59 +376,59 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) + * Implements MSA and MSA1-5. 
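Review bot: The positional initializers for `zEC12` (and for `z13` and `z14` in the following hunks) are tied to the field order of `struct OPENSSL_s390xcap_st` only by the `/*.name = */` comments, which the compiler does not check. A field inserted or reordered in the struct would silently move a capability mask onto a different instruction, enabling or masking the wrong crypto function codes. I would document the coupling at the struct definition, for example `/* field order must match the positional initializers in parse_env() */`. parse_env() starts and ends outside this hunk.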
+ */ + static const struct OPENSSL_s390xcap_st z13 = { +- .stfle = {S390X_CAPBIT(S390X_MSA) +- | S390X_CAPBIT(S390X_STCKF) +- | S390X_CAPBIT(S390X_MSA5), +- S390X_CAPBIT(S390X_MSA3) +- | S390X_CAPBIT(S390X_MSA4), +- S390X_CAPBIT(S390X_VX), +- 0ULL}, +- .kimd = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_SHA_1) +- | S390X_CAPBIT(S390X_SHA_256) +- | S390X_CAPBIT(S390X_SHA_512), +- S390X_CAPBIT(S390X_GHASH)}, +- .klmd = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_SHA_1) +- | S390X_CAPBIT(S390X_SHA_256) +- | S390X_CAPBIT(S390X_SHA_512), +- 0ULL}, +- .km = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128) +- | S390X_CAPBIT(S390X_AES_192) +- | S390X_CAPBIT(S390X_AES_256) +- | S390X_CAPBIT(S390X_XTS_AES_128) +- | S390X_CAPBIT(S390X_XTS_AES_256), +- 0ULL}, +- .kmc = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128) +- | S390X_CAPBIT(S390X_AES_192) +- | S390X_CAPBIT(S390X_AES_256), +- 0ULL}, +- .kmac = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128) +- | S390X_CAPBIT(S390X_AES_192) +- | S390X_CAPBIT(S390X_AES_256), +- 0ULL}, +- .kmctr = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128) +- | S390X_CAPBIT(S390X_AES_192) +- | S390X_CAPBIT(S390X_AES_256), +- 0ULL}, +- .kmo = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128) +- | S390X_CAPBIT(S390X_AES_192) +- | S390X_CAPBIT(S390X_AES_256), +- 0ULL}, +- .kmf = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128) +- | S390X_CAPBIT(S390X_AES_192) +- | S390X_CAPBIT(S390X_AES_256), +- 0ULL}, +- .prno = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_SHA_512_DRNG), +- 0ULL}, +- .kma = {0ULL, 0ULL}, ++ /*.stfle = */{S390X_CAPBIT(S390X_MSA) ++ | S390X_CAPBIT(S390X_STCKF) ++ | S390X_CAPBIT(S390X_MSA5), ++ S390X_CAPBIT(S390X_MSA3) ++ | S390X_CAPBIT(S390X_MSA4), ++ S390X_CAPBIT(S390X_VX), ++ 0ULL}, ++ /*.kimd = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1) ++ | S390X_CAPBIT(S390X_SHA_256) ++ | S390X_CAPBIT(S390X_SHA_512), ++ 
S390X_CAPBIT(S390X_GHASH)}, ++ /*.klmd = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1) ++ | S390X_CAPBIT(S390X_SHA_256) ++ | S390X_CAPBIT(S390X_SHA_512), ++ 0ULL}, ++ /*.km = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256) ++ | S390X_CAPBIT(S390X_XTS_AES_128) ++ | S390X_CAPBIT(S390X_XTS_AES_256), ++ 0ULL}, ++ /*.kmc = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ /*.kmac = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ /*.kmctr = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ /*.kmo = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ /*.kmf = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ /*.prno = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_512_DRNG), ++ 0ULL}, ++ /*.kma = */{0ULL, 0ULL}, + }; + + /*- +@@ -436,78 +436,78 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) + * Implements MSA and MSA1-8. 
+ */ + static const struct OPENSSL_s390xcap_st z14 = { +- .stfle = {S390X_CAPBIT(S390X_MSA) +- | S390X_CAPBIT(S390X_STCKF) +- | S390X_CAPBIT(S390X_MSA5), +- S390X_CAPBIT(S390X_MSA3) +- | S390X_CAPBIT(S390X_MSA4), +- S390X_CAPBIT(S390X_VX) +- | S390X_CAPBIT(S390X_VXD) +- | S390X_CAPBIT(S390X_VXE) +- | S390X_CAPBIT(S390X_MSA8), +- 0ULL}, +- .kimd = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_SHA_1) +- | S390X_CAPBIT(S390X_SHA_256) +- | S390X_CAPBIT(S390X_SHA_512) +- | S390X_CAPBIT(S390X_SHA3_224) +- | S390X_CAPBIT(S390X_SHA3_256) +- | S390X_CAPBIT(S390X_SHA3_384) +- | S390X_CAPBIT(S390X_SHA3_512) +- | S390X_CAPBIT(S390X_SHAKE_128) +- | S390X_CAPBIT(S390X_SHAKE_256), +- S390X_CAPBIT(S390X_GHASH)}, +- .klmd = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_SHA_1) +- | S390X_CAPBIT(S390X_SHA_256) +- | S390X_CAPBIT(S390X_SHA_512) +- | S390X_CAPBIT(S390X_SHA3_224) +- | S390X_CAPBIT(S390X_SHA3_256) +- | S390X_CAPBIT(S390X_SHA3_384) +- | S390X_CAPBIT(S390X_SHA3_512) +- | S390X_CAPBIT(S390X_SHAKE_128) +- | S390X_CAPBIT(S390X_SHAKE_256), +- 0ULL}, +- .km = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128) +- | S390X_CAPBIT(S390X_AES_192) +- | S390X_CAPBIT(S390X_AES_256) +- | S390X_CAPBIT(S390X_XTS_AES_128) +- | S390X_CAPBIT(S390X_XTS_AES_256), +- 0ULL}, +- .kmc = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128) +- | S390X_CAPBIT(S390X_AES_192) +- | S390X_CAPBIT(S390X_AES_256), +- 0ULL}, +- .kmac = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128) +- | S390X_CAPBIT(S390X_AES_192) +- | S390X_CAPBIT(S390X_AES_256), +- 0ULL}, +- .kmctr = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128) +- | S390X_CAPBIT(S390X_AES_192) +- | S390X_CAPBIT(S390X_AES_256), +- 0ULL}, +- .kmo = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128) +- | S390X_CAPBIT(S390X_AES_192) +- | S390X_CAPBIT(S390X_AES_256), +- 0ULL}, +- .kmf = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128) +- | S390X_CAPBIT(S390X_AES_192) +- | 
S390X_CAPBIT(S390X_AES_256), +- 0ULL}, +- .prno = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_SHA_512_DRNG), +- S390X_CAPBIT(S390X_TRNG)}, +- .kma = {S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_AES_128) +- | S390X_CAPBIT(S390X_AES_192) +- | S390X_CAPBIT(S390X_AES_256), +- 0ULL}, ++ /*.stfle = */{S390X_CAPBIT(S390X_MSA) ++ | S390X_CAPBIT(S390X_STCKF) ++ | S390X_CAPBIT(S390X_MSA5), ++ S390X_CAPBIT(S390X_MSA3) ++ | S390X_CAPBIT(S390X_MSA4), ++ S390X_CAPBIT(S390X_VX) ++ | S390X_CAPBIT(S390X_VXD) ++ | S390X_CAPBIT(S390X_VXE) ++ | S390X_CAPBIT(S390X_MSA8), ++ 0ULL}, ++ /*.kimd = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1) ++ | S390X_CAPBIT(S390X_SHA_256) ++ | S390X_CAPBIT(S390X_SHA_512) ++ | S390X_CAPBIT(S390X_SHA3_224) ++ | S390X_CAPBIT(S390X_SHA3_256) ++ | S390X_CAPBIT(S390X_SHA3_384) ++ | S390X_CAPBIT(S390X_SHA3_512) ++ | S390X_CAPBIT(S390X_SHAKE_128) ++ | S390X_CAPBIT(S390X_SHAKE_256), ++ S390X_CAPBIT(S390X_GHASH)}, ++ /*.klmd = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1) ++ | S390X_CAPBIT(S390X_SHA_256) ++ | S390X_CAPBIT(S390X_SHA_512) ++ | S390X_CAPBIT(S390X_SHA3_224) ++ | S390X_CAPBIT(S390X_SHA3_256) ++ | S390X_CAPBIT(S390X_SHA3_384) ++ | S390X_CAPBIT(S390X_SHA3_512) ++ | S390X_CAPBIT(S390X_SHAKE_128) ++ | S390X_CAPBIT(S390X_SHAKE_256), ++ 0ULL}, ++ /*.km = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256) ++ | S390X_CAPBIT(S390X_XTS_AES_128) ++ | S390X_CAPBIT(S390X_XTS_AES_256), ++ 0ULL}, ++ /*.kmc = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ /*.kmac = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ /*.kmctr = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ 
/*.kmo = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ /*.kmf = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ /*.prno = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_512_DRNG), ++ S390X_CAPBIT(S390X_TRNG)}, ++ /*.kma = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, + }; + + char *tok_begin, *tok_end, *buff, tok[S390X_STFLE_MAX][LEN + 1]; +-- +2.25.1 + diff -Nru openssl-1.1.1l/debian/patches/0014-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch openssl-1.1.1l/debian/patches/0014-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch --- openssl-1.1.1l/debian/patches/0014-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-1.1.1l/debian/patches/0014-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch 2021-02-23 22:43:42.000000000 +0100 
@@ -0,0 +1,399 @@ +From 3c2577ff72fdfa2cf014b2c6010d3287e19feb71 Mon Sep 17 00:00:00 2001 +From: Patrick Steuer +Date: Thu, 27 Jun 2019 01:07:54 +0200 +Subject: [PATCH 14/25] s390x assembly pack: add support for pcc and kma + instructions + +Signed-off-by: Patrick Steuer + +Reviewed-by: Richard Levitte +Reviewed-by: Shane Lontis +(Merged from https://github.com/openssl/openssl/pull/9258) + +(cherry picked from commit e382f507fb67863be02bfa69b08533cc55f0cd96) +--- + crypto/s390x_arch.h | 22 ++++++++ + crypto/s390xcap.c | 119 +++++++++++++++++++++++++++++++++++++++++++ + crypto/s390xcpuid.pl | 71 ++++++++++++++++++++++++++ + 3 files changed, 212 insertions(+) + +diff --git a/crypto/s390x_arch.h b/crypto/s390x_arch.h +index 0ed859bc8f..6068fe94d2 100644 +--- a/crypto/s390x_arch.h ++++ b/crypto/s390x_arch.h +@@ -26,6 +26,9 @@ void s390x_kmf(const unsigned char *in, size_t len, unsigned char *out, + unsigned int fc, void *param); + void s390x_kma(const unsigned char *aad, size_t alen, const unsigned char *in, + size_t len, unsigned char *out, unsigned int fc, void *param); ++int s390x_pcc(unsigned int fc, void *param); ++int s390x_kdsa(unsigned int fc, void *param, const unsigned char *in, ++ size_t len); + + /* + * The field elements of OPENSSL_s390xcap_P are the 64-bit words returned by +@@ -45,6 +48,8 @@ struct OPENSSL_s390xcap_st { + unsigned long long kmf[2]; + unsigned long long prno[2]; + unsigned long long kma[2]; ++ unsigned long long pcc[2]; ++ unsigned long long kdsa[2]; + }; + + extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; +@@ -69,6 +74,8 @@ extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; + # define S390X_KMF 0x90 + # define S390X_PRNO 0xa0 + # define S390X_KMA 0xb0 ++# define S390X_PCC 0xc0 ++# define S390X_KDSA 0xd0 + + /* Facility Bit Numbers */ + # define S390X_MSA 17 /* message-security-assist */ +@@ -80,6 +87,7 @@ extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; + # define S390X_VXD 134 /* vector packed decimal */ + # define 
S390X_VXE 135 /* vector enhancements 1 */ + # define S390X_MSA8 146 /* message-security-assist-ext. 8 */ ++# define S390X_MSA9 155 /* message-security-assist-ext. 9 */ + + /* Function Codes */ + +@@ -111,10 +119,24 @@ extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; + # define S390X_SHA_512_DRNG 3 + # define S390X_TRNG 114 + ++/* pcc */ ++# define S390X_SCALAR_MULTIPLY_P256 64 ++# define S390X_SCALAR_MULTIPLY_P384 65 ++# define S390X_SCALAR_MULTIPLY_P521 66 ++ ++/* kdsa */ ++# define S390X_ECDSA_VERIFY_P256 1 ++# define S390X_ECDSA_VERIFY_P384 2 ++# define S390X_ECDSA_VERIFY_P521 3 ++# define S390X_ECDSA_SIGN_P256 9 ++# define S390X_ECDSA_SIGN_P384 10 ++# define S390X_ECDSA_SIGN_P521 11 ++ + /* Register 0 Flags */ + # define S390X_DECRYPT 0x80 + # define S390X_KMA_LPC 0x100 + # define S390X_KMA_LAAD 0x200 + # define S390X_KMA_HS 0x400 ++# define S390X_KDSA_D 0x80 + + #endif +diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c +index 11e7ea4cc7..00834e4f98 100644 +--- a/crypto/s390xcap.c ++++ b/crypto/s390xcap.c +@@ -137,6 +137,10 @@ void OPENSSL_cpuid_setup(void) + OPENSSL_s390xcap_P.prno[1] &= cap.prno[1]; + OPENSSL_s390xcap_P.kma[0] &= cap.kma[0]; + OPENSSL_s390xcap_P.kma[1] &= cap.kma[1]; ++ OPENSSL_s390xcap_P.pcc[0] &= cap.pcc[0]; ++ OPENSSL_s390xcap_P.pcc[1] &= cap.pcc[1]; ++ OPENSSL_s390xcap_P.kdsa[0] &= cap.kdsa[0]; ++ OPENSSL_s390xcap_P.kdsa[1] &= cap.kdsa[1]; + } + } + +@@ -163,6 +167,8 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) + /*.kmf = */{0ULL, 0ULL}, + /*.prno = */{0ULL, 0ULL}, + /*.kma = */{0ULL, 0ULL}, ++ /*.pcc = */{0ULL, 0ULL}, ++ /*.kdsa = */{0ULL, 0ULL}, + }; + + /*- +@@ -189,6 +195,8 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) + /*.kmf = */{0ULL, 0ULL}, + /*.prno = */{0ULL, 0ULL}, + /*.kma = */{0ULL, 0ULL}, ++ /*.pcc = */{0ULL, 0ULL}, ++ /*.kdsa = */{0ULL, 0ULL}, + }; + + /*- +@@ -220,6 +228,8 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) + /*.kmf = */{0ULL, 0ULL}, + /*.prno = */{0ULL, 0ULL}, + /*.kma = 
*/{0ULL, 0ULL}, ++ /*.pcc = */{0ULL, 0ULL}, ++ /*.kdsa = */{0ULL, 0ULL}, + }; + + /*- +@@ -257,6 +267,8 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) + /*.kmf = */{0ULL, 0ULL}, + /*.prno = */{0ULL, 0ULL}, + /*.kma = */{0ULL, 0ULL}, ++ /*.pcc = */{0ULL, 0ULL}, ++ /*.kdsa = */{0ULL, 0ULL}, + }; + + /*- +@@ -313,6 +325,9 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) + 0ULL}, + /*.prno = */{0ULL, 0ULL}, + /*.kma = */{0ULL, 0ULL}, ++ /*.pcc = */{S390X_CAPBIT(S390X_QUERY), ++ 0ULL}, ++ /*.kdsa = */{0ULL, 0ULL}, + }; + + /*- +@@ -369,6 +384,9 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) + 0ULL}, + /*.prno = */{0ULL, 0ULL}, + /*.kma = */{0ULL, 0ULL}, ++ /*.pcc = */{S390X_CAPBIT(S390X_QUERY), ++ 0ULL}, ++ /*.kdsa = */{0ULL, 0ULL}, + }; + + /*- +@@ -429,6 +447,9 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) + | S390X_CAPBIT(S390X_SHA_512_DRNG), + 0ULL}, + /*.kma = */{0ULL, 0ULL}, ++ /*.pcc = */{S390X_CAPBIT(S390X_QUERY), ++ 0ULL}, ++ /*.kdsa = */{0ULL, 0ULL}, + }; + + /*- +@@ -508,6 +529,101 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, ++ /*.pcc = */{S390X_CAPBIT(S390X_QUERY), ++ 0ULL}, ++ /*.kdsa = */{0ULL, 0ULL}, ++ }; ++ ++ /*- ++ * z15 (2019) - z/Architecture POP SA22-7832-12 ++ * Implements MSA and MSA1-9. 
++ */ ++ static const struct OPENSSL_s390xcap_st z15 = { ++ /*.stfle = */{S390X_CAPBIT(S390X_MSA) ++ | S390X_CAPBIT(S390X_STCKF) ++ | S390X_CAPBIT(S390X_MSA5), ++ S390X_CAPBIT(S390X_MSA3) ++ | S390X_CAPBIT(S390X_MSA4), ++ S390X_CAPBIT(S390X_VX) ++ | S390X_CAPBIT(S390X_VXD) ++ | S390X_CAPBIT(S390X_VXE) ++ | S390X_CAPBIT(S390X_MSA8), ++ 0ULL}, ++ /*.kimd = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1) ++ | S390X_CAPBIT(S390X_SHA_256) ++ | S390X_CAPBIT(S390X_SHA_512) ++ | S390X_CAPBIT(S390X_SHA3_224) ++ | S390X_CAPBIT(S390X_SHA3_256) ++ | S390X_CAPBIT(S390X_SHA3_384) ++ | S390X_CAPBIT(S390X_SHA3_512) ++ | S390X_CAPBIT(S390X_SHAKE_128) ++ | S390X_CAPBIT(S390X_SHAKE_256), ++ S390X_CAPBIT(S390X_GHASH)}, ++ /*.klmd = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_1) ++ | S390X_CAPBIT(S390X_SHA_256) ++ | S390X_CAPBIT(S390X_SHA_512) ++ | S390X_CAPBIT(S390X_SHA3_224) ++ | S390X_CAPBIT(S390X_SHA3_256) ++ | S390X_CAPBIT(S390X_SHA3_384) ++ | S390X_CAPBIT(S390X_SHA3_512) ++ | S390X_CAPBIT(S390X_SHAKE_128) ++ | S390X_CAPBIT(S390X_SHAKE_256), ++ 0ULL}, ++ /*.km = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256) ++ | S390X_CAPBIT(S390X_XTS_AES_128) ++ | S390X_CAPBIT(S390X_XTS_AES_256), ++ 0ULL}, ++ /*.kmc = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ /*.kmac = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ /*.kmctr = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ /*.kmo = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ /*.kmf = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | 
S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ /*.prno = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SHA_512_DRNG), ++ S390X_CAPBIT(S390X_TRNG)}, ++ /*.kma = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_AES_128) ++ | S390X_CAPBIT(S390X_AES_192) ++ | S390X_CAPBIT(S390X_AES_256), ++ 0ULL}, ++ /*.pcc = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P256) ++ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P384) ++ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P521), ++ 0ULL}, ++ /*.kdsa = */{S390X_CAPBIT(S390X_QUERY) ++ | S390X_CAPBIT(S390X_ECDSA_VERIFY_P256) ++ | S390X_CAPBIT(S390X_ECDSA_VERIFY_P384) ++ | S390X_CAPBIT(S390X_ECDSA_VERIFY_P521) ++ | S390X_CAPBIT(S390X_ECDSA_SIGN_P256) ++ | S390X_CAPBIT(S390X_ECDSA_SIGN_P384) ++ | S390X_CAPBIT(S390X_ECDSA_SIGN_P521), ++ 0ULL}, + }; + + char *tok_begin, *tok_end, *buff, tok[S390X_STFLE_MAX][LEN + 1]; +@@ -551,6 +667,8 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) + else if TOK_FUNC(kmf) + else if TOK_FUNC(prno) + else if TOK_FUNC(kma) ++ else if TOK_FUNC(pcc) ++ else if TOK_FUNC(kdsa) + + /* CPU model tokens */ + else if TOK_CPU(z900) +@@ -561,6 +679,7 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) + else if TOK_CPU(zEC12) + else if TOK_CPU(z13) + else if TOK_CPU(z14) ++ else if TOK_CPU(z15) + + /* whitespace(ignored) or invalid tokens */ + else { +diff --git a/crypto/s390xcpuid.pl b/crypto/s390xcpuid.pl +index 36023016fd..344f4f67de 100755 +--- a/crypto/s390xcpuid.pl ++++ b/crypto/s390xcpuid.pl +@@ -77,8 +77,13 @@ OPENSSL_s390x_functions: + stg %r0,S390X_PRNO+8(%r4) + stg %r0,S390X_KMA(%r4) + stg %r0,S390X_KMA+8(%r4) ++ stg %r0,S390X_PCC(%r4) ++ stg %r0,S390X_PCC+8(%r4) ++ stg %r0,S390X_KDSA(%r4) ++ stg %r0,S390X_KDSA+8(%r4) + + lmg %r2,%r3,S390X_STFLE(%r4) ++ + tmhl %r2,0x4000 # check for message-security-assist + jz .Lret + +@@ -102,6 +107,13 @@ OPENSSL_s390x_functions: + la %r1,S390X_KMAC(%r4) + .long 0xb91e0042 # kmac %r4,%r2 + ++ tmhh %r3,0x0003 # 
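Review bot: The new `z15` model's third `stfle` word ends at `S390X_CAPBIT(S390X_MSA8)`, the same as `z14`, although the block comment says "Implements MSA and MSA1-9" and this patch defines `S390X_MSA9` as 155 without using it in the visible C code. Since the assembly in the same patch only queries the kdsa vector after testing the message-security-assist-9 bit, `OPENSSL_s390xcap=z15` would presumably describe a machine without MSA9 while the `kdsa` mask below advertises the ECDSA function codes; how the stfle mask is applied is outside this hunk, so confirm against OPENSSL_cpuid_setup(). I would extend the word to `| S390X_CAPBIT(S390X_MSA8) | S390X_CAPBIT(S390X_MSA9),`. The enclosing parse_env() starts and ends outside the hunk.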
check for message-security-assist-3 ++ jz .Lret ++ ++ lghi %r0,S390X_QUERY # query pcc capability vector ++ la %r1,S390X_PCC(%r4) ++ .long 0xb92c0000 # pcc ++ + tmhh %r3,0x0004 # check for message-security-assist-4 + jz .Lret + +@@ -125,6 +137,7 @@ OPENSSL_s390x_functions: + .long 0xb93c0042 # prno %r4,%r2 + + lg %r2,S390X_STFLE+16(%r4) ++ + tmhl %r2,0x2000 # check for message-security-assist-8 + jz .Lret + +@@ -132,6 +145,13 @@ OPENSSL_s390x_functions: + la %r1,S390X_KMA(%r4) + .long 0xb9294022 # kma %r2,%r4,%r2 + ++ tmhl %r2,0x0010 # check for message-security-assist-9 ++ jz .Lret ++ ++ lghi %r0,S390X_QUERY # query kdsa capability vector ++ la %r1,S390X_KDSA(%r4) ++ .long 0xb93a0002 # kdsa %r0,%r2 ++ + .Lret: + br $ra + .size OPENSSL_s390x_functions,.-OPENSSL_s390x_functions +@@ -422,6 +442,57 @@ s390x_kma: + ___ + } + ++################ ++# void s390x_pcc(unsigned int fc, void *param) ++{ ++my ($fc,$param) = map("%r$_",(2..3)); ++$code.=<<___; ++.globl s390x_pcc ++.type s390x_pcc,\@function ++.align 16 ++s390x_pcc: ++ lr %r0,$fc ++ l${g}r %r1,$param ++ lhi %r2,0 ++ ++ .long 0xb92c0000 # pcc ++ brc 1,.-4 # pay attention to "partial completion" ++ brc 7,.Lpcc_err # if CC==0 return 0, else return 1 ++.Lpcc_out: ++ br $ra ++.Lpcc_err: ++ lhi %r2,1 ++ j .Lpcc_out ++.size s390x_pcc,.-s390x_pcc ++___ ++} ++ ++################ ++# void s390x_kdsa(unsigned int fc, void *param, ++# const unsigned char *in, size_t len) ++{ ++my ($fc,$param,$in,$len) = map("%r$_",(2..5)); ++$code.=<<___; ++.globl s390x_kdsa ++.type s390x_kdsa,\@function ++.align 16 ++s390x_kdsa: ++ lr %r0,$fc ++ l${g}r %r1,$param ++ lhi %r2,0 ++ ++ .long 0xb93a0004 # kdsa %r0,$in ++ brc 1,.-4 # pay attention to "partial completion" ++ brc 7,.Lkdsa_err # if CC==0 return 0, else return 1 ++.Lkdsa_out: ++ br $ra ++.Lkdsa_err: ++ lhi %r2,1 ++ j .Lkdsa_out ++.size s390x_kdsa,.-s390x_kdsa ++___ ++} ++ + $code.=<<___; + .section .init + brasl $ra,OPENSSL_cpuid_setup +-- +2.25.1 + diff -Nru 
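Review bot: The mask in the added `tmhh %r3,0x0003` does not look like it tests the message-security-assist-3 bit that its comment names. The context line directly below tests MSA4 in the same register with `0x0004`, so the neighbouring MSA3 bit would be `0x0008` (assuming MSA3 is the facility bit immediately before MSA4; its number is not shown in this diff). As written the test selects the two bits after MSA4, so whether the pcc query and every later capability query run depends on unrelated facility bits. I would change the line to `tmhh %r3,0x0008		# check for message-security-assist-3`. OPENSSL_s390x_functions starts before this hunk and continues after it.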
openssl-1.1.1l/debian/patches/0015-Place-return-values-after-examples-in-doc.patch openssl-1.1.1l/debian/patches/0015-Place-return-values-after-examples-in-doc.patch --- openssl-1.1.1l/debian/patches/0015-Place-return-values-after-examples-in-doc.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-1.1.1l/debian/patches/0015-Place-return-values-after-examples-in-doc.patch 2021-02-23 22:43:42.000000000 +0100 
@@ -0,0 +1,43 @@ +From da8ef7c092f28d8c78ba03f809546c71101704a8 Mon Sep 17 00:00:00 2001 +From: Paul Yang +Date: Tue, 26 Feb 2019 13:11:10 +0800 +Subject: [PATCH 15/25] Place return values after examples in doc + +Reviewed-by: Richard Levitte +(Merged from https://github.com/openssl/openssl/pull/8338) + +(cherry picked from commit 4564e77ae9dd1866e8a033f03511b6a1792c024e) +Signed-off-by: Dimitri John Ledkov +--- + doc/man3/OPENSSL_s390xcap.pod | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/doc/man3/OPENSSL_s390xcap.pod b/doc/man3/OPENSSL_s390xcap.pod +index 550136a82b..20a6833d96 100644 +--- a/doc/man3/OPENSSL_s390xcap.pod ++++ b/doc/man3/OPENSSL_s390xcap.pod +@@ -139,6 +139,10 @@ the numbering is continuous across 64-bit mask boundaries. + # 20 1<<43 KMA-GCM-AES-256 + : + ++=head1 RETURN VALUES ++ ++Not available. ++ + =head1 EXAMPLES + + Disables all instruction set extensions which the z196 processor does not implement: +@@ -153,10 +157,6 @@ Disables the KM-XTS-AES and and the KIMD-SHAKE function codes: + + OPENSSL_s390xcap="km:~0x2800:~0;kimd:~0xc000000:~0" + +-=head1 RETURN VALUES +- +-Not available. +- + =head1 SEE ALSO + + [1] z/Architecture Principles of Operation, SA22-7832-11 +-- +2.25.1 + diff -Nru openssl-1.1.1l/debian/patches/0016-s390x-assembly-pack-update-OPENSSL_s390xcap-3.patch openssl-1.1.1l/debian/patches/0016-s390x-assembly-pack-update-OPENSSL_s390xcap-3.patch --- openssl-1.1.1l/debian/patches/0016-s390x-assembly-pack-update-OPENSSL_s390xcap-3.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-1.1.1l/debian/patches/0016-s390x-assembly-pack-update-OPENSSL_s390xcap-3.patch 2021-02-23 22:43:42.000000000 +0100 
@@ -0,0 +1,74 @@ +From 7fdfe28c43ebd49636f51b636dbd956d06e5295a Mon Sep 17 00:00:00 2001 +From: Patrick Steuer +Date: Wed, 26 Jun 2019 23:41:35 +0200 +Subject: [PATCH 16/25] s390x assembly pack: update OPENSSL_s390xcap(3) + +Add description of capability vector's pcc and kma parts. + +Signed-off-by: Patrick Steuer + +Reviewed-by: Richard Levitte +Reviewed-by: Shane Lontis +(Merged from https://github.com/openssl/openssl/pull/9258) + +(cherry picked from commit da93b5cc2bc931b998f33ee432bc1ae2b38fccca) +Signed-off-by: Dimitri John Ledkov +--- + doc/man3/OPENSSL_s390xcap.pod | 21 ++++++++++++++++++--- + 1 file changed, 18 insertions(+), 3 deletions(-) + +diff --git a/doc/man3/OPENSSL_s390xcap.pod b/doc/man3/OPENSSL_s390xcap.pod +index 20a6833d96..80528a597f 100644 +--- a/doc/man3/OPENSSL_s390xcap.pod ++++ b/doc/man3/OPENSSL_s390xcap.pod +@@ -34,14 +34,14 @@ There are three types of tokens: + The name of a processor generation. A bit in the environment variable's + mask is set to one if and only if the specified processor generation + implements the corresponding instruction set extension. Possible values +-are z900, z990, z9, z10, z196, zEC12, z13 and z14. ++are z900, z990, z9, z10, z196, zEC12, z13, z14 and z15. + + =item :: + + The name of an instruction followed by two 64-bit masks. The part of the + environment variable's mask corresponding to the specified instruction is + set to the specified 128-bit mask. Possible values are kimd, klmd, km, kmc, +-kmac, kmctr, kmo, kmf, prno and kma. ++kmac, kmctr, kmo, kmf, prno, kma, pcc and kdsa. + + =item stfle::: + +@@ -139,6 +139,21 @@ the numbering is continuous across 64-bit mask boundaries. 
+ # 20 1<<43 KMA-GCM-AES-256 + : + ++ pcc : ++ : ++ # 64 1<<63 PCC-Scalar-Multiply-P256 ++ # 65 1<<62 PCC-Scalar-Multiply-P384 ++ # 66 1<<61 PCC-Scalar-Multiply-P521 ++ ++ kdsa : ++ # 1 1<<62 KDSA-ECDSA-Verify-P256 ++ # 2 1<<61 KDSA-ECDSA-Verify-P384 ++ # 3 1<<60 KDSA-ECDSA-Verify-P521 ++ # 9 1<<54 KDSA-ECDSA-Sign-P256 ++ # 10 1<<53 KDSA-ECDSA-Sign-P384 ++ # 11 1<<52 KDSA-ECDSA-Sign-P521 ++ : ++ + =head1 RETURN VALUES + + Not available. +@@ -159,7 +174,7 @@ Disables the KM-XTS-AES and and the KIMD-SHAKE function codes: + + =head1 SEE ALSO + +-[1] z/Architecture Principles of Operation, SA22-7832-11 ++[1] z/Architecture Principles of Operation, SA22-7832-12 + + =head1 COPYRIGHT + +-- +2.25.1 + diff -Nru openssl-1.1.1l/debian/patches/0017-s390xcpuid.pl-fix-comment.patch openssl-1.1.1l/debian/patches/0017-s390xcpuid.pl-fix-comment.patch --- openssl-1.1.1l/debian/patches/0017-s390xcpuid.pl-fix-comment.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-1.1.1l/debian/patches/0017-s390xcpuid.pl-fix-comment.patch 2021-02-23 22:43:42.000000000 +0100 
@@ -0,0 +1,43 @@ +From c284114f14a5a0413399ce2f4a2e2932b6d07846 Mon Sep 17 00:00:00 2001 +From: Patrick Steuer +Date: Wed, 3 Jul 2019 18:02:11 +0200 +Subject: [PATCH 17/25] s390xcpuid.pl: fix comment + +Signed-off-by: Patrick Steuer + +Reviewed-by: Richard Levitte +Reviewed-by: Shane Lontis +(Merged from https://github.com/openssl/openssl/pull/9348) + +Signed-off-by: Dimitri John Ledkov +--- + crypto/s390xcpuid.pl | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/crypto/s390xcpuid.pl b/crypto/s390xcpuid.pl +index 344f4f67de..2408ca52b0 100755 +--- a/crypto/s390xcpuid.pl ++++ b/crypto/s390xcpuid.pl +@@ -443,7 +443,7 @@ ___ + } + + ################ +-# void s390x_pcc(unsigned int fc, void *param) ++# int s390x_pcc(unsigned int fc, void *param) + { + my ($fc,$param) = map("%r$_",(2..3)); + $code.=<<___; +@@ -468,8 +468,8 @@ ___ + } + + ################ +-# void s390x_kdsa(unsigned int fc, void *param, +-# const unsigned char *in, size_t len) ++# int s390x_kdsa(unsigned int fc, void *param, ++# const unsigned char *in, size_t len) + { + my ($fc,$param,$in,$len) = map("%r$_",(2..5)); + $code.=<<___; +-- +2.25.1 + diff -Nru openssl-1.1.1l/debian/patches/0018-s390x-assembly-pack-accelerate-scalar-multiplication.patch openssl-1.1.1l/debian/patches/0018-s390x-assembly-pack-accelerate-scalar-multiplication.patch --- openssl-1.1.1l/debian/patches/0018-s390x-assembly-pack-accelerate-scalar-multiplication.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-1.1.1l/debian/patches/0018-s390x-assembly-pack-accelerate-scalar-multiplication.patch 2021-02-23 22:43:42.000000000 +0100 
@@ -0,0 +1,331 @@ +From 95eddca9e511c156c53f2ffdd5395144da2d1741 Mon Sep 17 00:00:00 2001 +From: Patrick Steuer +Date: Tue, 9 Jul 2019 10:25:04 +0200 +Subject: [PATCH 18/25] s390x assembly pack: accelerate scalar multiplication + +for NIST P-256, P-384 and P-521 using PCC instruction. + +Signed-off-by: Patrick Steuer + +Reviewed-by: Richard Levitte +Reviewed-by: Shane Lontis +(Merged from https://github.com/openssl/openssl/pull/9348) + +(cherry picked from commit cf8620a7ff9c578a65b9675cd659963184b0eacf) +Signed-off-by: Dimitri John Ledkov +--- + Configurations/00-base-templates.conf | 1 + + Configure | 3 + + crypto/ec/build.info | 2 + + crypto/ec/ec_curve.c | 25 ++-- + crypto/ec/ec_local.h | 5 + + crypto/ec/ecp_s390x_nistp.c | 197 ++++++++++++++++++++++++++ + 6 files changed, 225 insertions(+), 8 deletions(-) + create mode 100644 crypto/ec/ecp_s390x_nistp.c + +diff --git a/Configurations/00-base-templates.conf b/Configurations/00-base-templates.conf +index e01dc63a8b..9add1cd32a 100644 +--- a/Configurations/00-base-templates.conf ++++ b/Configurations/00-base-templates.conf +@@ -289,6 +289,7 @@ my %targets=( + template => 1, + cpuid_asm_src => "s390xcap.c s390xcpuid.S", + bn_asm_src => "asm/s390x.S s390x-mont.S s390x-gf2m.s", ++ ec_asm_src => "ecp_s390x_nistp.c", + aes_asm_src => "aes-s390x.S aes-ctr.fake aes-xts.fake", + sha1_asm_src => "sha1-s390x.S sha256-s390x.S sha512-s390x.S", + rc4_asm_src => "rc4-s390x.s", +diff --git a/Configure b/Configure +index 2e9efaa5f3..db86436378 100755 +--- a/Configure ++++ b/Configure +@@ -1388,6 +1388,9 @@ unless ($disabled{asm}) { + if ($target{ec_asm_src} =~ /ecp_nistz256/) { + push @{$config{lib_defines}}, "ECP_NISTZ256_ASM"; + } ++ if ($target{ec_asm_src} =~ /ecp_s390x_nistp/) { ++ push @{$config{lib_defines}}, "S390X_NISTP_ASM"; ++ } + if ($target{ec_asm_src} =~ /x25519/) { + push @{$config{lib_defines}}, "X25519_ASM"; + } +diff --git a/crypto/ec/build.info b/crypto/ec/build.info +index a1e673e347..5281aca86a 100644 +--- 
a/crypto/ec/build.info ++++ b/crypto/ec/build.info +@@ -26,6 +26,8 @@ GENERATE[ecp_nistz256-armv8.S]=asm/ecp_nistz256-armv8.pl $(PERLASM_SCHEME) + INCLUDE[ecp_nistz256-armv8.o]=.. + GENERATE[ecp_nistz256-ppc64.s]=asm/ecp_nistz256-ppc64.pl $(PERLASM_SCHEME) + ++INCLUDE[ecp_s390x_nistp.o]=.. ++ + GENERATE[x25519-x86_64.s]=asm/x25519-x86_64.pl $(PERLASM_SCHEME) + GENERATE[x25519-ppc64.s]=asm/x25519-ppc64.pl $(PERLASM_SCHEME) + +diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c +index 8de486cbd7..9f17188140 100644 +--- a/crypto/ec/ec_curve.c ++++ b/crypto/ec/ec_curve.c +@@ -2829,15 +2829,22 @@ static const ec_list_element curve_list[] = { + {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0, + "SECG curve over a 256 bit prime field"}, + /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ +- {NID_secp384r1, &_EC_NIST_PRIME_384.h, 0, ++ {NID_secp384r1, &_EC_NIST_PRIME_384.h, ++# if defined(S390X_NISTP_ASM) ++ EC_GFp_s390x_nistp384_method, ++# else ++ 0, ++# endif + "NIST/SECG curve over a 384 bit prime field"}, +-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +- {NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method, +- "NIST/SECG curve over a 521 bit prime field"}, +-#else +- {NID_secp521r1, &_EC_NIST_PRIME_521.h, 0, ++ {NID_secp521r1, &_EC_NIST_PRIME_521.h, ++# if defined(S390X_NISTP_ASM) ++ EC_GFp_s390x_nistp521_method, ++# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) ++ EC_GFp_nistp521_method, ++# else ++ 0, ++# endif + "NIST/SECG curve over a 521 bit prime field"}, +-#endif + /* X9.62 curves */ + {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0, + "NIST/X9.62/SECG curve over a 192 bit prime field"}, +@@ -2854,7 +2861,9 @@ static const ec_list_element curve_list[] = { + {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, + #if defined(ECP_NISTZ256_ASM) + EC_GFp_nistz256_method, +-#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) ++# elif defined(S390X_NISTP_ASM) ++ EC_GFp_s390x_nistp256_method, ++# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) + 
EC_GFp_nistp256_method, + #else + 0, +diff --git a/crypto/ec/ec_local.h b/crypto/ec/ec_local.h +index e656fbd5e7..85462ba14c 100644 +--- a/crypto/ec/ec_local.h ++++ b/crypto/ec/ec_local.h +@@ -587,6 +587,11 @@ int ec_group_simple_order_bits(const EC_GROUP *group); + */ + const EC_METHOD *EC_GFp_nistz256_method(void); + #endif ++#ifdef S390X_NISTP_ASM ++const EC_METHOD *EC_GFp_s390x_nistp256_method(void); ++const EC_METHOD *EC_GFp_s390x_nistp384_method(void); ++const EC_METHOD *EC_GFp_s390x_nistp521_method(void); ++#endif + + size_t ec_key_simple_priv2oct(const EC_KEY *eckey, + unsigned char *buf, size_t len); +diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c +new file mode 100644 +index 0000000000..8f9d747616 +--- /dev/null ++++ b/crypto/ec/ecp_s390x_nistp.c +@@ -0,0 +1,197 @@ ++/* ++ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. ++ * ++ * Licensed under the Apache License 2.0 (the "License"). You may not use ++ * this file except in compliance with the License. 
You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++#include ++#include ++#include ++#include "ec_local.h" ++#include "s390x_arch.h" ++ ++/* Size of parameter blocks */ ++#define S390X_SIZE_PARAM 4096 ++ ++/* Size of fields in parameter blocks */ ++#define S390X_SIZE_P256 32 ++#define S390X_SIZE_P384 48 ++#define S390X_SIZE_P521 80 ++ ++/* Offsets of fields in PCC parameter blocks */ ++#define S390X_OFF_RES_X(n) (0 * n) ++#define S390X_OFF_RES_Y(n) (1 * n) ++#define S390X_OFF_SRC_X(n) (2 * n) ++#define S390X_OFF_SRC_Y(n) (3 * n) ++#define S390X_OFF_SCALAR(n) (4 * n) ++ ++static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r, ++ const BIGNUM *scalar, ++ size_t num, const EC_POINT *points[], ++ const BIGNUM *scalars[], ++ BN_CTX *ctx, unsigned int fc, int len) ++{ ++ unsigned char param[S390X_SIZE_PARAM]; ++ BIGNUM *x, *y; ++ const EC_POINT *point_ptr = NULL; ++ const BIGNUM *scalar_ptr = NULL; ++ BN_CTX *new_ctx = NULL; ++ int rc = -1; ++ ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ return 0; ++ } ++ ++ BN_CTX_start(ctx); ++ ++ x = BN_CTX_get(ctx); ++ y = BN_CTX_get(ctx); ++ if (x == NULL || y == NULL) { ++ rc = 0; ++ goto ret; ++ } ++ ++ /* ++ * Use PCC for EC keygen and ECDH key derivation: ++ * scalar * generator and scalar * peer public key, ++ * scalar in [0,order). 
++ */ ++ if ((scalar != NULL && num == 0 && BN_is_negative(scalar) == 0) ++ || (scalar == NULL && num == 1 && BN_is_negative(scalars[0]) == 0)) { ++ ++ if (num == 0) { ++ point_ptr = EC_GROUP_get0_generator(group); ++ scalar_ptr = scalar; ++ } else { ++ point_ptr = points[0]; ++ scalar_ptr = scalars[0]; ++ } ++ ++ if (EC_POINT_is_at_infinity(group, point_ptr) == 1 ++ || BN_is_zero(scalar_ptr)) { ++ rc = EC_POINT_set_to_infinity(group, r); ++ goto ret; ++ } ++ ++ memset(¶m, 0, sizeof(param)); ++ ++ if (group->meth->point_get_affine_coordinates(group, point_ptr, ++ x, y, ctx) != 1 ++ || BN_bn2binpad(x, param + S390X_OFF_SRC_X(len), len) == -1 ++ || BN_bn2binpad(y, param + S390X_OFF_SRC_Y(len), len) == -1 ++ || BN_bn2binpad(scalar_ptr, ++ param + S390X_OFF_SCALAR(len), len) == -1 ++ || s390x_pcc(fc, param) != 0 ++ || BN_bin2bn(param + S390X_OFF_RES_X(len), len, x) == NULL ++ || BN_bin2bn(param + S390X_OFF_RES_Y(len), len, y) == NULL ++ || group->meth->point_set_affine_coordinates(group, r, ++ x, y, ctx) != 1) ++ goto ret; ++ ++ rc = 1; ++ } ++ ++ret: ++ /* Otherwise use default. 
*/ ++ if (rc == -1) ++ rc = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); ++ OPENSSL_cleanse(param, sizeof(param)); ++ BN_CTX_end(ctx); ++ BN_CTX_free(new_ctx); ++ return rc; ++} ++ ++#define EC_GFP_S390X_NISTP_METHOD(bits) \ ++ \ ++static int ec_GFp_s390x_nistp##bits##_mul(const EC_GROUP *group, \ ++ EC_POINT *r, \ ++ const BIGNUM *scalar, \ ++ size_t num, \ ++ const EC_POINT *points[], \ ++ const BIGNUM *scalars[], \ ++ BN_CTX *ctx) \ ++{ \ ++ return ec_GFp_s390x_nistp_mul(group, r, scalar, num, points, \ ++ scalars, ctx, \ ++ S390X_SCALAR_MULTIPLY_P##bits, \ ++ S390X_SIZE_P##bits); \ ++} \ ++ \ ++const EC_METHOD *EC_GFp_s390x_nistp##bits##_method(void) \ ++{ \ ++ static const EC_METHOD EC_GFp_s390x_nistp##bits##_meth = { \ ++ EC_FLAGS_DEFAULT_OCT, \ ++ NID_X9_62_prime_field, \ ++ ec_GFp_simple_group_init, \ ++ ec_GFp_simple_group_finish, \ ++ ec_GFp_simple_group_clear_finish, \ ++ ec_GFp_simple_group_copy, \ ++ ec_GFp_simple_group_set_curve, \ ++ ec_GFp_simple_group_get_curve, \ ++ ec_GFp_simple_group_get_degree, \ ++ ec_group_simple_order_bits, \ ++ ec_GFp_simple_group_check_discriminant, \ ++ ec_GFp_simple_point_init, \ ++ ec_GFp_simple_point_finish, \ ++ ec_GFp_simple_point_clear_finish, \ ++ ec_GFp_simple_point_copy, \ ++ ec_GFp_simple_point_set_to_infinity, \ ++ ec_GFp_simple_set_Jprojective_coordinates_GFp, \ ++ ec_GFp_simple_get_Jprojective_coordinates_GFp, \ ++ ec_GFp_simple_point_set_affine_coordinates, \ ++ ec_GFp_simple_point_get_affine_coordinates, \ ++ NULL, /* point_set_compressed_coordinates */ \ ++ NULL, /* point2oct */ \ ++ NULL, /* oct2point */ \ ++ ec_GFp_simple_add, \ ++ ec_GFp_simple_dbl, \ ++ ec_GFp_simple_invert, \ ++ ec_GFp_simple_is_at_infinity, \ ++ ec_GFp_simple_is_on_curve, \ ++ ec_GFp_simple_cmp, \ ++ ec_GFp_simple_make_affine, \ ++ ec_GFp_simple_points_make_affine, \ ++ ec_GFp_s390x_nistp##bits##_mul, \ ++ NULL, /* precompute_mult */ \ ++ NULL, /* have_precompute_mult */ \ ++ ec_GFp_simple_field_mul, \ ++ 
ec_GFp_simple_field_sqr, \ ++ NULL, /* field_div */ \ ++ ec_GFp_simple_field_inv, \ ++ NULL, /* field_encode */ \ ++ NULL, /* field_decode */ \ ++ NULL, /* field_set_to_one */ \ ++ ec_key_simple_priv2oct, \ ++ ec_key_simple_oct2priv, \ ++ NULL, /* set_private */ \ ++ ec_key_simple_generate_key, \ ++ ec_key_simple_check_key, \ ++ ec_key_simple_generate_public_key, \ ++ NULL, /* keycopy */ \ ++ NULL, /* keyfinish */ \ ++ ecdh_simple_compute_key, \ ++ NULL, /* field_inverse_mod_ord */ \ ++ ec_GFp_simple_blind_coordinates, \ ++ ec_GFp_simple_ladder_pre, \ ++ ec_GFp_simple_ladder_step, \ ++ ec_GFp_simple_ladder_post \ ++ }; \ ++ static const EC_METHOD *ret; \ ++ \ ++ if (OPENSSL_s390xcap_P.pcc[1] \ ++ & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P##bits)) \ ++ ret = &EC_GFp_s390x_nistp##bits##_meth; \ ++ else \ ++ ret = EC_GFp_mont_method(); \ ++ \ ++ return ret; \ ++} ++ ++EC_GFP_S390X_NISTP_METHOD(256) ++EC_GFP_S390X_NISTP_METHOD(384) ++EC_GFP_S390X_NISTP_METHOD(521) +-- +2.25.1 + diff -Nru openssl-1.1.1l/debian/patches/0019-Enable-curve-spefific-ECDSA-implementations-via-EC_M.patch openssl-1.1.1l/debian/patches/0019-Enable-curve-spefific-ECDSA-implementations-via-EC_M.patch --- openssl-1.1.1l/debian/patches/0019-Enable-curve-spefific-ECDSA-implementations-via-EC_M.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-1.1.1l/debian/patches/0019-Enable-curve-spefific-ECDSA-implementations-via-EC_M.patch 2021-02-23 22:43:42.000000000 +0100 
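Review bot: In the `EC_GFP_S390X_NISTP_METHOD` macro, `static const EC_METHOD *ret;` is a function-static that every call to `EC_GFp_s390x_nistp##bits##_method()` rewrites, so concurrent callers store to the same object without synchronisation. The value is recomputed from `OPENSSL_s390xcap_P.pcc[1]` on each call and nothing reads it across calls, so the `static` buys nothing. Declaring it as a plain local, `const EC_METHOD *ret;`, removes the shared write. The method table `EC_GFp_s390x_nistp##bits##_meth` can stay `static const`.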
@@ -0,0 +1,527 @@ +From edfb4202d5e77b5842983a26d3e75081ec40a5ee Mon Sep 17 00:00:00 2001 +From: Patrick Steuer +Date: Thu, 11 Jul 2019 10:23:49 +0200 +Subject: [PATCH 19/25] Enable curve-spefific ECDSA implementations via + EC_METHOD + +which are already enabled for ECDH. + +Signed-off-by: Patrick Steuer + +Reviewed-by: Richard Levitte +Reviewed-by: Shane Lontis +(Merged from https://github.com/openssl/openssl/pull/9348) + +(cherry picked from commit ec1aecee2eab58302b1504c36a0a907981ad818f) +Signed-off-by: Dimitri John Ledkov + +crypto/ec/ecdsa_ossl.c: fixup constants for backport + +Origin: https://github.com/openssl/openssl/pull/11188#issuecomment-591691352 + +Signed-off-by: Dimitri John Ledkov +--- + crypto/ec/ec2_smpl.c | 3 + + crypto/ec/ec_local.h | 15 +++++ + crypto/ec/ecdsa_ossl.c | 107 ++++++++++++++++++++++++------------ + crypto/ec/ecp_mont.c | 3 + + crypto/ec/ecp_nist.c | 3 + + crypto/ec/ecp_nistp224.c | 3 + + crypto/ec/ecp_nistp256.c | 3 + + crypto/ec/ecp_nistp521.c | 3 + + crypto/ec/ecp_nistz256.c | 3 + + crypto/ec/ecp_s390x_nistp.c | 3 + + crypto/ec/ecp_smpl.c | 3 + + crypto/err/openssl.txt | 5 ++ + include/openssl/ecerr.h | 1 + + 13 files changed, 119 insertions(+), 36 deletions(-) + +diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c +index 84e5537a03..de356340bf 100644 +--- a/crypto/ec/ec2_smpl.c ++++ b/crypto/ec/ec2_smpl.c +@@ -956,6 +956,9 @@ const EC_METHOD *EC_GF2m_simple_method(void) + 0, /* keycopy */ + 0, /* keyfinish */ + ecdh_simple_compute_key, ++ ecdsa_simple_sign_setup, ++ ecdsa_simple_sign_sig, ++ ecdsa_simple_verify_sig, + 0, /* field_inverse_mod_ord */ + 0, /* blind_coordinates */ + ec_GF2m_simple_ladder_pre, +diff --git a/crypto/ec/ec_local.h b/crypto/ec/ec_local.h +index 85462ba14c..5fc6009b3f 100644 +--- a/crypto/ec/ec_local.h ++++ b/crypto/ec/ec_local.h +@@ -179,6 +179,14 @@ struct ec_method_st { + /* custom ECDH operation */ + int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen, + const EC_POINT *pub_key, const 
EC_KEY *ecdh); ++ /* custom ECDSA */ ++ int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinvp, ++ BIGNUM **rp); ++ ECDSA_SIG *(*ecdsa_sign_sig)(const unsigned char *dgst, int dgstlen, ++ const BIGNUM *kinv, const BIGNUM *r, ++ EC_KEY *eckey); ++ int (*ecdsa_verify_sig)(const unsigned char *dgst, int dgstlen, ++ const ECDSA_SIG *sig, EC_KEY *eckey); + /* Inverse modulo order */ + int (*field_inverse_mod_ord)(const EC_GROUP *, BIGNUM *r, + const BIGNUM *x, BN_CTX *); +@@ -656,6 +664,13 @@ int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int sig_len, EC_KEY *eckey); + int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey); ++int ecdsa_simple_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, ++ BIGNUM **rp); ++ECDSA_SIG *ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len, ++ const BIGNUM *in_kinv, const BIGNUM *in_r, ++ EC_KEY *eckey); ++int ecdsa_simple_verify_sig(const unsigned char *dgst, int dgst_len, ++ const ECDSA_SIG *sig, EC_KEY *eckey); + + int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, + const uint8_t public_key[32], const uint8_t private_key[32]); +diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c +index 1da87bfb5e..6f1edeaee1 100644 +--- a/crypto/ec/ecdsa_ossl.c ++++ b/crypto/ec/ecdsa_ossl.c +@@ -14,6 +14,41 @@ + #include "crypto/bn.h" + #include "ec_local.h" + ++int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, ++ BIGNUM **rp) ++{ ++ if (eckey->group->meth->ecdsa_sign_setup == NULL) { ++ ECerr(EC_F_OSSL_ECDSA_SIGN_SETUP, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA); ++ return 0; ++ } ++ ++ return eckey->group->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp); ++} ++ ++ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, ++ const BIGNUM *in_kinv, const BIGNUM *in_r, ++ EC_KEY *eckey) ++{ ++ if (eckey->group->meth->ecdsa_sign_sig == NULL) { ++ 
ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA); ++ return NULL; ++ } ++ ++ return eckey->group->meth->ecdsa_sign_sig(dgst, dgst_len, ++ in_kinv, in_r, eckey); ++} ++ ++int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, ++ const ECDSA_SIG *sig, EC_KEY *eckey) ++{ ++ if (eckey->group->meth->ecdsa_verify_sig == NULL) { ++ ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA); ++ return 0; ++ } ++ ++ return eckey->group->meth->ecdsa_verify_sig(dgst, dgst_len, sig, eckey); ++} ++ + int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, + unsigned char *sig, unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey) +@@ -145,15 +180,15 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, + return ret; + } + +-int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, +- BIGNUM **rp) ++int ecdsa_simple_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, ++ BIGNUM **rp) + { + return ecdsa_sign_setup(eckey, ctx_in, kinvp, rp, NULL, 0); + } + +-ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, +- const BIGNUM *in_kinv, const BIGNUM *in_r, +- EC_KEY *eckey) ++ECDSA_SIG *ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len, ++ const BIGNUM *in_kinv, const BIGNUM *in_r, ++ EC_KEY *eckey) + { + int ok = 0, i; + BIGNUM *kinv = NULL, *s, *m = NULL; +@@ -167,35 +202,35 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, + priv_key = EC_KEY_get0_private_key(eckey); + + if (group == NULL) { +- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_PASSED_NULL_PARAMETER); ++ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (priv_key == NULL) { +- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_MISSING_PRIVATE_KEY); ++ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, EC_R_MISSING_PRIVATE_KEY); + return NULL; + } + + if (!EC_KEY_can_sign(eckey)) { +- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING); ++ 
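Review bot: The three new dispatchers `ossl_ecdsa_sign_setup`, `ossl_ecdsa_sign_sig` and `ossl_ecdsa_verify_sig` read `eckey->group->meth` before any NULL check, so an `EC_KEY` with no group set is dereferenced here. It never reaches the `ERR_R_PASSED_NULL_PARAMETER` / `EC_R_MISSING_PARAMETERS` checks that the renamed `ecdsa_simple_sign_sig` and `ecdsa_simple_verify_sig` bodies still carry later in this file's diff. Whether such a key can reach these entry points depends on callers outside the patch, but the old sign and verify functions returned an error for it. A guard ahead of the method lookup in each dispatcher restores that behaviour. `ossl_ecdsa_verify_sig` also returns 0 for a missing method, which the verify body uses for "signature is invalid" while its error paths return -1; returning -1 would keep the two apart.

```c
int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
                          const ECDSA_SIG *sig, EC_KEY *eckey)
{
    /* Reject a missing key or group before touching the method table. */
    if (eckey == NULL || eckey->group == NULL) {
        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_MISSING_PARAMETERS);
        return -1;
    }
    if (eckey->group->meth->ecdsa_verify_sig == NULL) {
        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA);
        return -1;
    }
    /* … unchanged: return eckey->group->meth->ecdsa_verify_sig(...) … */
}
```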
ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING); + return NULL; + } + + ret = ECDSA_SIG_new(); + if (ret == NULL) { +- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE); ++ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_MALLOC_FAILURE); + return NULL; + } + ret->r = BN_new(); + ret->s = BN_new(); + if (ret->r == NULL || ret->s == NULL) { +- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE); ++ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_MALLOC_FAILURE); + goto err; + } + s = ret->s; + + if ((ctx = BN_CTX_new()) == NULL + || (m = BN_new()) == NULL) { +- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE); ++ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_MALLOC_FAILURE); + goto err; + } + +@@ -207,25 +242,25 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, + if (8 * dgst_len > i) + dgst_len = (i + 7) / 8; + if (!BN_bin2bn(dgst, dgst_len, m)) { +- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); ++ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB); + goto err; + } + /* If still too long, truncate remaining bits with a shift */ + if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { +- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); ++ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB); + goto err; + } + do { + if (in_kinv == NULL || in_r == NULL) { + if (!ecdsa_sign_setup(eckey, ctx, &kinv, &ret->r, dgst, dgst_len)) { +- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_ECDSA_LIB); ++ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_ECDSA_LIB); + goto err; + } + ckinv = kinv; + } else { + ckinv = in_kinv; + if (BN_copy(ret->r, in_r) == NULL) { +- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE); ++ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_MALLOC_FAILURE); + goto err; + } + } +@@ -239,11 +274,11 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, + */ + if (!bn_to_mont_fixed_top(s, ret->r, group->mont_data, ctx) + || !bn_mul_mont_fixed_top(s, s, priv_key, group->mont_data, ctx)) { +- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, 
ERR_R_BN_LIB); ++ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB); + goto err; + } + if (!bn_mod_add_fixed_top(s, s, m, order)) { +- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); ++ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB); + goto err; + } + /* +@@ -252,7 +287,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, + */ + if (!bn_to_mont_fixed_top(s, s, group->mont_data, ctx) + || !BN_mod_mul_montgomery(s, s, ckinv, group->mont_data, ctx)) { +- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); ++ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB); + goto err; + } + +@@ -262,7 +297,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, + * generate new kinv and r values + */ + if (in_kinv != NULL && in_r != NULL) { +- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_NEED_NEW_SETUP_VALUES); ++ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, EC_R_NEED_NEW_SETUP_VALUES); + goto err; + } + } else { +@@ -314,8 +349,8 @@ int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len, + return ret; + } + +-int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, +- const ECDSA_SIG *sig, EC_KEY *eckey) ++int ecdsa_simple_verify_sig(const unsigned char *dgst, int dgst_len, ++ const ECDSA_SIG *sig, EC_KEY *eckey) + { + int ret = -1, i; + BN_CTX *ctx; +@@ -328,18 +363,18 @@ int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, + /* check input values */ + if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || + (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { +- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_MISSING_PARAMETERS); ++ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, EC_R_MISSING_PARAMETERS); + return -1; + } + + if (!EC_KEY_can_sign(eckey)) { +- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING); ++ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING); + return -1; + } + + ctx = BN_CTX_new(); + if (ctx == NULL) { +- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, 
ERR_R_MALLOC_FAILURE); ++ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_MALLOC_FAILURE); + return -1; + } + BN_CTX_start(ctx); +@@ -348,26 +383,26 @@ int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, + m = BN_CTX_get(ctx); + X = BN_CTX_get(ctx); + if (X == NULL) { +- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB); ++ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB); + goto err; + } + + order = EC_GROUP_get0_order(group); + if (order == NULL) { +- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB); ++ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_EC_LIB); + goto err; + } + + if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || + BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || + BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) { +- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_BAD_SIGNATURE); ++ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, EC_R_BAD_SIGNATURE); + ret = 0; /* signature is invalid */ + goto err; + } + /* calculate tmp1 = inv(S) mod order */ + if (!ec_group_do_inverse_ord(group, u2, sig->s, ctx)) { +- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB); ++ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB); + goto err; + } + /* digest -> m */ +@@ -378,41 +413,41 @@ int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, + if (8 * dgst_len > i) + dgst_len = (i + 7) / 8; + if (!BN_bin2bn(dgst, dgst_len, m)) { +- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB); ++ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB); + goto err; + } + /* If still too long truncate remaining bits with a shift */ + if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { +- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB); ++ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB); + goto err; + } + /* u1 = m * tmp mod order */ + if (!BN_mod_mul(u1, m, u2, order, ctx)) { +- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB); ++ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB); + goto err; + } + /* u2 = r * w mod q */ + if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) { +- 
ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB); ++ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB); + goto err; + } + + if ((point = EC_POINT_new(group)) == NULL) { +- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE); ++ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) { +- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB); ++ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_EC_LIB); + goto err; + } + + if (!EC_POINT_get_affine_coordinates(group, point, X, NULL, ctx)) { +- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB); ++ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_EC_LIB); + goto err; + } + + if (!BN_nnmod(u1, X, order, ctx)) { +- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB); ++ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB); + goto err; + } + /* if the signature is correct u1 is equal to sig->r */ +diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c +index bdc39d5efb..479130dce1 100644 +--- a/crypto/ec/ecp_mont.c ++++ b/crypto/ec/ecp_mont.c +@@ -63,6 +63,9 @@ const EC_METHOD *EC_GFp_mont_method(void) + 0, /* keycopy */ + 0, /* keyfinish */ + ecdh_simple_compute_key, ++ ecdsa_simple_sign_setup, ++ ecdsa_simple_sign_sig, ++ ecdsa_simple_verify_sig, + 0, /* field_inverse_mod_ord */ + ec_GFp_simple_blind_coordinates, + ec_GFp_simple_ladder_pre, +diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c +index 9fd01279a8..55644f32a2 100644 +--- a/crypto/ec/ecp_nist.c ++++ b/crypto/ec/ecp_nist.c +@@ -65,6 +65,9 @@ const EC_METHOD *EC_GFp_nist_method(void) + 0, /* keycopy */ + 0, /* keyfinish */ + ecdh_simple_compute_key, ++ ecdsa_simple_sign_setup, ++ ecdsa_simple_sign_sig, ++ ecdsa_simple_verify_sig, + 0, /* field_inverse_mod_ord */ + ec_GFp_simple_blind_coordinates, + ec_GFp_simple_ladder_pre, +diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c +index 9a9ced8f13..bccd012d8a 100644 +--- a/crypto/ec/ecp_nistp224.c ++++ b/crypto/ec/ecp_nistp224.c +@@ -292,6 +292,9 
@@ const EC_METHOD *EC_GFp_nistp224_method(void) + 0, /* keycopy */ + 0, /* keyfinish */ + ecdh_simple_compute_key, ++ ecdsa_simple_sign_setup, ++ ecdsa_simple_sign_sig, ++ ecdsa_simple_verify_sig, + 0, /* field_inverse_mod_ord */ + 0, /* blind_coordinates */ + 0, /* ladder_pre */ +diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c +index e23e9d2a0b..eb88e7c146 100644 +--- a/crypto/ec/ecp_nistp256.c ++++ b/crypto/ec/ecp_nistp256.c +@@ -1829,6 +1829,9 @@ const EC_METHOD *EC_GFp_nistp256_method(void) + 0, /* keycopy */ + 0, /* keyfinish */ + ecdh_simple_compute_key, ++ ecdsa_simple_sign_setup, ++ ecdsa_simple_sign_sig, ++ ecdsa_simple_verify_sig, + 0, /* field_inverse_mod_ord */ + 0, /* blind_coordinates */ + 0, /* ladder_pre */ +diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c +index 75eeba8536..ac46ee13eb 100644 +--- a/crypto/ec/ecp_nistp521.c ++++ b/crypto/ec/ecp_nistp521.c +@@ -1669,6 +1669,9 @@ const EC_METHOD *EC_GFp_nistp521_method(void) + 0, /* keycopy */ + 0, /* keyfinish */ + ecdh_simple_compute_key, ++ ecdsa_simple_sign_setup, ++ ecdsa_simple_sign_sig, ++ ecdsa_simple_verify_sig, + 0, /* field_inverse_mod_ord */ + 0, /* blind_coordinates */ + 0, /* ladder_pre */ +diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c +index ba92681388..d4af937861 100644 +--- a/crypto/ec/ecp_nistz256.c ++++ b/crypto/ec/ecp_nistz256.c +@@ -1720,6 +1720,9 @@ const EC_METHOD *EC_GFp_nistz256_method(void) + 0, /* keycopy */ + 0, /* keyfinish */ + ecdh_simple_compute_key, ++ ecdsa_simple_sign_setup, ++ ecdsa_simple_sign_sig, ++ ecdsa_simple_verify_sig, + ecp_nistz256_inv_mod_ord, /* can be #define-d NULL */ + 0, /* blind_coordinates */ + 0, /* ladder_pre */ +diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c +index 8f9d747616..acbc27f1d8 100644 +--- a/crypto/ec/ecp_s390x_nistp.c ++++ b/crypto/ec/ecp_s390x_nistp.c +@@ -175,6 +175,9 @@ const EC_METHOD *EC_GFp_s390x_nistp##bits##_method(void) \ + NULL, /* keycopy */ \ + 
NULL, /* keyfinish */ \ + ecdh_simple_compute_key, \ ++ ecdsa_simple_sign_setup, \ ++ ecdsa_simple_sign_sig, \ ++ ecdsa_simple_verify_sig, \ + NULL, /* field_inverse_mod_ord */ \ + ec_GFp_simple_blind_coordinates, \ + ec_GFp_simple_ladder_pre, \ +diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c +index b354bfe9ce..d16329a955 100644 +--- a/crypto/ec/ecp_smpl.c ++++ b/crypto/ec/ecp_smpl.c +@@ -64,6 +64,9 @@ const EC_METHOD *EC_GFp_simple_method(void) + 0, /* keycopy */ + 0, /* keyfinish */ + ecdh_simple_compute_key, ++ ecdsa_simple_sign_setup, ++ ecdsa_simple_sign_sig, ++ ecdsa_simple_verify_sig, + 0, /* field_inverse_mod_ord */ + ec_GFp_simple_blind_coordinates, + ec_GFp_simple_ladder_pre, +diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt +index 35512f9caf..2b802f5403 100644 +--- a/crypto/err/openssl.txt ++++ b/crypto/err/openssl.txt +@@ -496,6 +496,9 @@ EC_F_ECDSA_SIGN_EX:254:ECDSA_sign_ex + EC_F_ECDSA_SIGN_SETUP:248:ECDSA_sign_setup + EC_F_ECDSA_SIG_NEW:265:ECDSA_SIG_new + EC_F_ECDSA_VERIFY:253:ECDSA_verify ++EC_F_ECDSA_SIMPLE_SIGN_SETUP:310:ecdsa_simple_sign_setup ++EC_F_ECDSA_SIMPLE_SIGN_SIG:311:ecdsa_simple_sign_sig ++EC_F_ECDSA_SIMPLE_VERIFY_SIG:312:ecdsa_simple_verify_sig + EC_F_ECD_ITEM_VERIFY:270:ecd_item_verify + EC_F_ECKEY_PARAM2TYPE:223:eckey_param2type + EC_F_ECKEY_PARAM_DECODE:212:eckey_param_decode +@@ -657,6 +660,7 @@ EC_F_NISTP521_PRE_COMP_NEW:237:nistp521_pre_comp_new + EC_F_O2I_ECPUBLICKEY:152:o2i_ECPublicKey + EC_F_OLD_EC_PRIV_DECODE:222:old_ec_priv_decode + EC_F_OSSL_ECDH_COMPUTE_KEY:247:ossl_ecdh_compute_key ++EC_F_OSSL_ECDSA_SIGN_SETUP:300:ossl_ecdsa_sign_setup + EC_F_OSSL_ECDSA_SIGN_SIG:249:ossl_ecdsa_sign_sig + EC_F_OSSL_ECDSA_VERIFY_SIG:250:ossl_ecdsa_verify_sig + EC_F_PKEY_ECD_CTRL:271:pkey_ecd_ctrl +@@ -2133,6 +2137,7 @@ EC_R_BUFFER_TOO_SMALL:100:buffer too small + EC_R_CANNOT_INVERT:165:cannot invert + EC_R_COORDINATES_OUT_OF_RANGE:146:coordinates out of range + EC_R_CURVE_DOES_NOT_SUPPORT_ECDH:160:curve does not 
support ecdh ++EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA:170:curve does not support ecdsa + EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing + EC_R_D2I_ECPKPARAMETERS_FAILURE:117:d2i ecpkparameters failure + EC_R_DECODE_ERROR:142:decode error +diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h +index f7b9183456..aa84338d00 100644 +--- a/include/openssl/ecerr.h ++++ b/include/openssl/ecerr.h +@@ -212,6 +212,7 @@ int ERR_load_EC_strings(void); + # define EC_R_CANNOT_INVERT 165 + # define EC_R_COORDINATES_OUT_OF_RANGE 146 + # define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 160 ++# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA 170 + # define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159 + # define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 + # define EC_R_DECODE_ERROR 142 +-- +2.25.1 + diff -Nru openssl-1.1.1l/debian/patches/0020-s390x-assembly-pack-accelerate-ECDSA.patch openssl-1.1.1l/debian/patches/0020-s390x-assembly-pack-accelerate-ECDSA.patch --- openssl-1.1.1l/debian/patches/0020-s390x-assembly-pack-accelerate-ECDSA.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-1.1.1l/debian/patches/0020-s390x-assembly-pack-accelerate-ECDSA.patch 2021-02-23 22:43:42.000000000 +0100 
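Review bot: The `ecerr.h` hunk adds only `EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA`, while this patch's `ecdsa_ossl.c` changes use `EC_F_ECDSA_SIMPLE_SIGN_SIG`, `EC_F_ECDSA_SIMPLE_VERIFY_SIG` and `EC_F_OSSL_ECDSA_SIGN_SETUP`, which `openssl.txt` registers as 311, 312 and 300. The diffstat shows a single added line in `include/openssl/ecerr.h`, so unless those `EC_F_*` macros are defined elsewhere, the tree does not build with patch 19 applied alone. Patch 20's diffstat lists six additions to `ecerr.h`, which may be where they land. Moving the matching `# define EC_F_…` lines into this patch would keep each step of the series buildable and reviewable on its own. `EC_F_ECDSA_SIMPLE_SIGN_SETUP` (310) is registered as well, but no visible line raises it.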
@@ -0,0 +1,316 @@ +From c6a194b21471a74547a7f80d668f5faead7c48d9 Mon Sep 17 00:00:00 2001 +From: Patrick Steuer +Date: Thu, 11 Jul 2019 10:38:18 +0200 +Subject: [PATCH 20/25] s390x assembly pack: accelerate ECDSA + +for NIST P-256, P-384 and P-521 using KDSA instruction. + +Signed-off-by: Patrick Steuer + +Reviewed-by: Richard Levitte +Reviewed-by: Shane Lontis +(Merged from https://github.com/openssl/openssl/pull/9348) + +(cherry picked from commit b5c62c1131473ea2eb8a593ccf3b2f6522b974c2) +Signed-off-by: Dimitri John Ledkov +--- + crypto/ec/ecp_s390x_nistp.c | 204 +++++++++++++++++++++++++++++++++++- + crypto/err/openssl.txt | 2 + + include/openssl/ecerr.h | 6 ++ + 3 files changed, 207 insertions(+), 5 deletions(-) + +diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c +index acbc27f1d8..5a797dc061 100644 +--- a/crypto/ec/ecp_s390x_nistp.c ++++ b/crypto/ec/ecp_s390x_nistp.c +@@ -10,6 +10,7 @@ + #include + #include + #include ++#include + #include "ec_local.h" + #include "s390x_arch.h" + +@@ -28,6 +29,15 @@ + #define S390X_OFF_SRC_Y(n) (3 * n) + #define S390X_OFF_SCALAR(n) (4 * n) + ++/* Offsets of fields in KDSA parameter blocks */ ++#define S390X_OFF_R(n) (0 * n) ++#define S390X_OFF_S(n) (1 * n) ++#define S390X_OFF_H(n) (2 * n) ++#define S390X_OFF_K(n) (3 * n) ++#define S390X_OFF_X(n) (3 * n) ++#define S390X_OFF_RN(n) (4 * n) ++#define S390X_OFF_Y(n) (4 * n) ++ + static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *scalar, + size_t num, const EC_POINT *points[], +@@ -100,12 +110,169 @@ ret: + /* Otherwise use default. 
*/ + if (rc == -1) + rc = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); +- OPENSSL_cleanse(param, sizeof(param)); ++ OPENSSL_cleanse(param + S390X_OFF_SCALAR(len), len); + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + return rc; + } + ++static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned char *dgst, ++ int dgstlen, ++ const BIGNUM *kinv, ++ const BIGNUM *r, ++ EC_KEY *eckey, ++ unsigned int fc, int len) ++{ ++ unsigned char param[S390X_SIZE_PARAM]; ++ int ok = 0; ++ BIGNUM *k; ++ ECDSA_SIG *sig; ++ const EC_GROUP *group; ++ const BIGNUM *privkey; ++ int off; ++ ++ group = EC_KEY_get0_group(eckey); ++ privkey = EC_KEY_get0_private_key(eckey); ++ if (group == NULL || privkey == NULL) { ++ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, EC_R_MISSING_PARAMETERS); ++ return NULL; ++ } ++ ++ if (!EC_KEY_can_sign(eckey)) { ++ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ++ EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING); ++ return NULL; ++ } ++ ++ k = BN_secure_new(); ++ sig = ECDSA_SIG_new(); ++ if (k == NULL || sig == NULL) { ++ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_MALLOC_FAILURE); ++ goto ret; ++ } ++ ++ sig->r = BN_new(); ++ sig->s = BN_new(); ++ if (sig->r == NULL || sig->s == NULL) { ++ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_MALLOC_FAILURE); ++ goto ret; ++ } ++ ++ memset(param, 0, sizeof(param)); ++ off = len - (dgstlen > len ? len : dgstlen); ++ memcpy(param + S390X_OFF_H(len) + off, dgst, len - off); ++ ++ if (BN_bn2binpad(privkey, param + S390X_OFF_K(len), len) == -1) { ++ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_BN_LIB); ++ goto ret; ++ } ++ ++ if (r == NULL || kinv == NULL) { ++ /* ++ * Generate random k and copy to param param block. RAND_priv_bytes ++ * is used instead of BN_priv_rand_range or BN_generate_dsa_nonce ++ * because kdsa instruction constructs an in-range, invertible nonce ++ * internally implementing counter-measures for RNG weakness. 
++ */ ++ if (RAND_priv_bytes(param + S390X_OFF_RN(len), len) != 1) { ++ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ++ EC_R_RANDOM_NUMBER_GENERATION_FAILED); ++ goto ret; ++ } ++ } else { ++ /* Reconstruct k = (k^-1)^-1. */ ++ if (ec_group_do_inverse_ord(group, k, kinv, NULL) == 0 ++ || BN_bn2binpad(k, param + S390X_OFF_RN(len), len) == -1) { ++ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_BN_LIB); ++ goto ret; ++ } ++ /* Turns KDSA internal nonce-generation off. */ ++ fc |= S390X_KDSA_D; ++ } ++ ++ if (s390x_kdsa(fc, param, NULL, 0) != 0) { ++ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_ECDSA_LIB); ++ goto ret; ++ } ++ ++ if (BN_bin2bn(param + S390X_OFF_R(len), len, sig->r) == NULL ++ || BN_bin2bn(param + S390X_OFF_S(len), len, sig->s) == NULL) { ++ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_BN_LIB); ++ goto ret; ++ } ++ ++ ok = 1; ++ret: ++ OPENSSL_cleanse(param + S390X_OFF_K(len), 2 * len); ++ if (ok != 1) { ++ ECDSA_SIG_free(sig); ++ sig = NULL; ++ } ++ BN_clear_free(k); ++ return sig; ++} ++ ++static int ecdsa_s390x_nistp_verify_sig(const unsigned char *dgst, int dgstlen, ++ const ECDSA_SIG *sig, EC_KEY *eckey, ++ unsigned int fc, int len) ++{ ++ unsigned char param[S390X_SIZE_PARAM]; ++ int rc = -1; ++ BN_CTX *ctx; ++ BIGNUM *x, *y; ++ const EC_GROUP *group; ++ const EC_POINT *pubkey; ++ int off; ++ ++ group = EC_KEY_get0_group(eckey); ++ pubkey = EC_KEY_get0_public_key(eckey); ++ if (eckey == NULL || group == NULL || pubkey == NULL || sig == NULL) { ++ ECerr(EC_F_ECDSA_S390X_NISTP_VERIFY_SIG, EC_R_MISSING_PARAMETERS); ++ return -1; ++ } ++ ++ if (!EC_KEY_can_sign(eckey)) { ++ ECerr(EC_F_ECDSA_S390X_NISTP_VERIFY_SIG, ++ EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING); ++ return -1; ++ } ++ ++ ctx = BN_CTX_new(); ++ if (ctx == NULL) { ++ ECerr(EC_F_ECDSA_S390X_NISTP_VERIFY_SIG, ERR_R_MALLOC_FAILURE); ++ return -1; ++ } ++ ++ BN_CTX_start(ctx); ++ ++ x = BN_CTX_get(ctx); ++ y = BN_CTX_get(ctx); ++ if (x == NULL || y == NULL) { ++ ECerr(EC_F_ECDSA_S390X_NISTP_VERIFY_SIG, 
ERR_R_MALLOC_FAILURE); ++ goto ret; ++ } ++ ++ memset(param, 0, sizeof(param)); ++ off = len - (dgstlen > len ? len : dgstlen); ++ memcpy(param + S390X_OFF_H(len) + off, dgst, len - off); ++ ++ if (group->meth->point_get_affine_coordinates(group, pubkey, ++ x, y, ctx) != 1 ++ || BN_bn2binpad(sig->r, param + S390X_OFF_R(len), len) == -1 ++ || BN_bn2binpad(sig->s, param + S390X_OFF_S(len), len) == -1 ++ || BN_bn2binpad(x, param + S390X_OFF_X(len), len) == -1 ++ || BN_bn2binpad(y, param + S390X_OFF_Y(len), len) == -1) { ++ ECerr(EC_F_ECDSA_S390X_NISTP_VERIFY_SIG, ERR_R_BN_LIB); ++ goto ret; ++ } ++ ++ rc = s390x_kdsa(fc, param, NULL, 0) == 0 ? 1 : 0; ++ret: ++ BN_CTX_end(ctx); ++ BN_CTX_free(ctx); ++ return rc; ++} ++ + #define EC_GFP_S390X_NISTP_METHOD(bits) \ + \ + static int ec_GFp_s390x_nistp##bits##_mul(const EC_GROUP *group, \ +@@ -122,6 +289,29 @@ static int ec_GFp_s390x_nistp##bits##_mul(const EC_GROUP *group, \ + S390X_SIZE_P##bits); \ + } \ + \ ++static ECDSA_SIG *ecdsa_s390x_nistp##bits##_sign_sig(const unsigned \ ++ char *dgst, \ ++ int dgstlen, \ ++ const BIGNUM *kinv,\ ++ const BIGNUM *r, \ ++ EC_KEY *eckey) \ ++{ \ ++ return ecdsa_s390x_nistp_sign_sig(dgst, dgstlen, kinv, r, eckey, \ ++ S390X_ECDSA_SIGN_P##bits, \ ++ S390X_SIZE_P##bits); \ ++} \ ++ \ ++static int ecdsa_s390x_nistp##bits##_verify_sig(const \ ++ unsigned char *dgst, \ ++ int dgstlen, \ ++ const ECDSA_SIG *sig, \ ++ EC_KEY *eckey) \ ++{ \ ++ return ecdsa_s390x_nistp_verify_sig(dgst, dgstlen, sig, eckey, \ ++ S390X_ECDSA_VERIFY_P##bits, \ ++ S390X_SIZE_P##bits); \ ++} \ ++ \ + const EC_METHOD *EC_GFp_s390x_nistp##bits##_method(void) \ + { \ + static const EC_METHOD EC_GFp_s390x_nistp##bits##_meth = { \ +@@ -176,8 +366,8 @@ const EC_METHOD *EC_GFp_s390x_nistp##bits##_method(void) \ + NULL, /* keyfinish */ \ + ecdh_simple_compute_key, \ + ecdsa_simple_sign_setup, \ +- ecdsa_simple_sign_sig, \ +- ecdsa_simple_verify_sig, \ ++ ecdsa_s390x_nistp##bits##_sign_sig, \ ++ 
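Review bot: In `ecdsa_s390x_nistp_sign_sig` and `ecdsa_s390x_nistp_verify_sig` the copy length `len - off` works out to `min(dgstlen, len)`, so a negative `dgstlen` becomes a huge `size_t` in the `memcpy` into the stack `param` block; the clamp only covers the too-long case. Both functions should reject it before the copy, with `if (dgstlen < 0) return NULL;` in sign and `if (dgstlen < 0) return -1;` in verify. The callers are outside this hunk, so whether a negative length can actually reach here is unconfirmed. Separately, the first change in this hunk narrows `OPENSSL_cleanse(param, sizeof(param))` in `ec_GFp_s390x_nistp_mul` to the scalar field only; if that routine also serves ECDH, the product left in the block is the shared secret and would now stay on the stack, so keeping the full-block cleanse looks safer. That function's body begins outside the hunk.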
ecdsa_s390x_nistp##bits##_verify_sig, \ + NULL, /* field_inverse_mod_ord */ \ + ec_GFp_simple_blind_coordinates, \ + ec_GFp_simple_ladder_pre, \ +@@ -186,8 +376,12 @@ const EC_METHOD *EC_GFp_s390x_nistp##bits##_method(void) \ + }; \ + static const EC_METHOD *ret; \ + \ +- if (OPENSSL_s390xcap_P.pcc[1] \ +- & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P##bits)) \ ++ if ((OPENSSL_s390xcap_P.pcc[1] \ ++ & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P##bits)) \ ++ && (OPENSSL_s390xcap_P.kdsa[0] \ ++ & S390X_CAPBIT(S390X_ECDSA_VERIFY_P##bits)) \ ++ && (OPENSSL_s390xcap_P.kdsa[0] \ ++ & S390X_CAPBIT(S390X_ECDSA_SIGN_P##bits))) \ + ret = &EC_GFp_s390x_nistp##bits##_meth; \ + else \ + ret = EC_GFp_mont_method(); \ +diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt +index 2b802f5403..0b3d97dd9b 100644 +--- a/crypto/err/openssl.txt ++++ b/crypto/err/openssl.txt +@@ -499,6 +499,8 @@ EC_F_ECDSA_VERIFY:253:ECDSA_verify + EC_F_ECDSA_SIMPLE_SIGN_SETUP:310:ecdsa_simple_sign_setup + EC_F_ECDSA_SIMPLE_SIGN_SIG:311:ecdsa_simple_sign_sig + EC_F_ECDSA_SIMPLE_VERIFY_SIG:312:ecdsa_simple_verify_sig ++EC_F_ECDSA_S390X_NISTP_SIGN_SIG:313:ecdsa_s390x_nistp_sign_sig ++EC_F_ECDSA_S390X_NISTP_VERIFY_SIG:314:ecdsa_s390x_nistp_verify_sig + EC_F_ECD_ITEM_VERIFY:270:ecd_item_verify + EC_F_ECKEY_PARAM2TYPE:223:eckey_param2type + EC_F_ECKEY_PARAM_DECODE:212:eckey_param_decode +diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h +index aa84338d00..ec6fbffa11 100644 +--- a/include/openssl/ecerr.h ++++ b/include/openssl/ecerr.h +@@ -42,6 +42,11 @@ int ERR_load_EC_strings(void); + # define EC_F_ECDSA_SIGN_SETUP 248 + # define EC_F_ECDSA_SIG_NEW 265 + # define EC_F_ECDSA_VERIFY 253 ++# define EC_F_ECDSA_SIMPLE_SIGN_SETUP 310 ++# define EC_F_ECDSA_SIMPLE_SIGN_SIG 311 ++# define EC_F_ECDSA_SIMPLE_VERIFY_SIG 312 ++# define EC_F_ECDSA_S390X_NISTP_SIGN_SIG 313 ++# define EC_F_ECDSA_S390X_NISTP_VERIFY_SIG 314 + # define EC_F_ECD_ITEM_VERIFY 270 + # define EC_F_ECKEY_PARAM2TYPE 223 + # define 
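Review bot: The widened capability test in `EC_GFp_s390x_nistp##bits##_method` has no comment saying why all three bits are required. The method table now installs the KDSA-backed `ecdsa_s390x_nistp##bits##_sign_sig` and `_verify_sig` callbacks unconditionally, so this test is the only thing that keeps them from being selected on hardware that lacks the instruction. I would add a comment above the `if`, such as `/* mul uses PCC, sign/verify use KDSA: fall back to EC_GFp_mont_method() unless all three are present */`, so a later edit does not relax one of the conditions. The enclosing macro starts outside this hunk.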
EC_F_ECKEY_PARAM_DECODE 212 +@@ -185,6 +190,7 @@ int ERR_load_EC_strings(void); + # define EC_F_O2I_ECPUBLICKEY 152 + # define EC_F_OLD_EC_PRIV_DECODE 222 + # define EC_F_OSSL_ECDH_COMPUTE_KEY 247 ++# define EC_F_OSSL_ECDSA_SIGN_SETUP 300 + # define EC_F_OSSL_ECDSA_SIGN_SIG 249 + # define EC_F_OSSL_ECDSA_VERIFY_SIG 250 + # define EC_F_PKEY_ECD_CTRL 271 +-- +2.25.1 + diff -Nru openssl-1.1.1l/debian/patches/0021-OPENSSL_s390xcap.pod-list-msa9-facility-bit-155.patch openssl-1.1.1l/debian/patches/0021-OPENSSL_s390xcap.pod-list-msa9-facility-bit-155.patch --- openssl-1.1.1l/debian/patches/0021-OPENSSL_s390xcap.pod-list-msa9-facility-bit-155.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-1.1.1l/debian/patches/0021-OPENSSL_s390xcap.pod-list-msa9-facility-bit-155.patch 2021-02-23 22:43:42.000000000 +0100 
@@ -0,0 +1,32 @@ +From 65734fa53b55dd541095ea6091df43ce96daed66 Mon Sep 17 00:00:00 2001 +From: Patrick Steuer +Date: Fri, 12 Jul 2019 13:47:32 +0200 +Subject: [PATCH 21/25] OPENSSL_s390xcap.pod: list msa9 facility bit (155) + +Signed-off-by: Patrick Steuer + +Reviewed-by: Richard Levitte +Reviewed-by: Shane Lontis +(Merged from https://github.com/openssl/openssl/pull/9348) + +(cherry picked from commit 3ded2288a45d2cc3a27a1b08d29499cbcec52c0e) +Signed-off-by: Dimitri John Ledkov +--- + doc/man3/OPENSSL_s390xcap.pod | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/doc/man3/OPENSSL_s390xcap.pod b/doc/man3/OPENSSL_s390xcap.pod +index 80528a597f..e1c7d7030f 100644 +--- a/doc/man3/OPENSSL_s390xcap.pod ++++ b/doc/man3/OPENSSL_s390xcap.pod +@@ -72,6 +72,7 @@ the numbering is continuous across 64-bit mask boundaries. + #134 1<<57 vector packed decimal facility + #135 1<<56 vector enhancements facility 1 + #146 1<<45 message-security assist extension 8 ++ #155 1<<36 message-security assist extension 9 + + kimd : + # 1 1<<62 KIMD-SHA-1 +-- +2.25.1 + diff -Nru openssl-1.1.1l/debian/patches/0022-s390x-assembly-pack-fix-msa3-stfle-bit-detection.patch openssl-1.1.1l/debian/patches/0022-s390x-assembly-pack-fix-msa3-stfle-bit-detection.patch --- openssl-1.1.1l/debian/patches/0022-s390x-assembly-pack-fix-msa3-stfle-bit-detection.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-1.1.1l/debian/patches/0022-s390x-assembly-pack-fix-msa3-stfle-bit-detection.patch 2021-02-23 22:43:42.000000000 +0100 
@@ -0,0 +1,32 @@ +From 4b05becebc482b862c894ddec444c4441cc15414 Mon Sep 17 00:00:00 2001 +From: Patrick Steuer +Date: Tue, 24 Sep 2019 23:03:19 +0200 +Subject: [PATCH 22/25] s390x assembly pack: fix msa3 stfle bit detection + +Signed-off-by: Patrick Steuer + +Reviewed-by: Richard Levitte +(Merged from https://github.com/openssl/openssl/pull/10004) + +(cherry picked from commit b3681e2641999be6c1f70e66497fe384d683a07e) +Signed-off-by: Dimitri John Ledkov +--- + crypto/s390xcpuid.pl | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/crypto/s390xcpuid.pl b/crypto/s390xcpuid.pl +index 2408ca52b0..6cc3fbc3fd 100755 +--- a/crypto/s390xcpuid.pl ++++ b/crypto/s390xcpuid.pl +@@ -107,7 +107,7 @@ OPENSSL_s390x_functions: + la %r1,S390X_KMAC(%r4) + .long 0xb91e0042 # kmac %r4,%r2 + +- tmhh %r3,0x0003 # check for message-security-assist-3 ++ tmhh %r3,0x0008 # check for message-security-assist-3 + jz .Lret + + lghi %r0,S390X_QUERY # query pcc capability vector +-- +2.25.1 + diff -Nru openssl-1.1.1l/debian/patches/0023-s390x-assembly-pack-fix-OPENSSL_s390xcap-z15-cpu-mas.patch openssl-1.1.1l/debian/patches/0023-s390x-assembly-pack-fix-OPENSSL_s390xcap-z15-cpu-mas.patch --- openssl-1.1.1l/debian/patches/0023-s390x-assembly-pack-fix-OPENSSL_s390xcap-z15-cpu-mas.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-1.1.1l/debian/patches/0023-s390x-assembly-pack-fix-OPENSSL_s390xcap-z15-cpu-mas.patch 2021-02-23 22:43:42.000000000 +0100 
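Review bot: The corrected `tmhh` mask is still a bare constant, and the comment does not say which facility bit it selects, so a reader cannot check the value. Message-security-assist extension 3 is STFLE facility bit 76, which is bit 12 of the second facility doubleword and therefore `0x0008` in the halfword that `tmhh` tests. That assumes `%r3` holds the second doubleword, which is loaded outside this hunk. I would extend the comment to `# check for message-security-assist-3 (stfle bit 76)` so the mask can be compared with the facility list in OPENSSL_s390xcap.pod.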
@@ -0,0 +1,48 @@ +From aba5efd988fca1ae58c64c6cbc93cbd99144487f Mon Sep 17 00:00:00 2001 +From: Patrick Steuer +Date: Tue, 24 Sep 2019 23:20:00 +0200 +Subject: [PATCH 23/25] s390x assembly pack: fix OPENSSL_s390xcap z15 cpu mask + +Signed-off-by: Patrick Steuer + +Reviewed-by: Richard Levitte +(Merged from https://github.com/openssl/openssl/pull/10004) + +(cherry picked from commit ac037dc874a721ca81a33b4314e26cef4a7e8d48) +Signed-off-by: Dimitri John Ledkov +--- + crypto/s390xcap.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c +index 00834e4f98..1f9851efc1 100644 +--- a/crypto/s390xcap.c ++++ b/crypto/s390xcap.c +@@ -547,7 +547,8 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) + S390X_CAPBIT(S390X_VX) + | S390X_CAPBIT(S390X_VXD) + | S390X_CAPBIT(S390X_VXE) +- | S390X_CAPBIT(S390X_MSA8), ++ | S390X_CAPBIT(S390X_MSA8) ++ | S390X_CAPBIT(S390X_MSA9), + 0ULL}, + /*.kimd = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_SHA_1) +@@ -611,11 +612,10 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, +- /*.pcc = */{S390X_CAPBIT(S390X_QUERY) +- | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P256) ++ /*.pcc = */{S390X_CAPBIT(S390X_QUERY), ++ S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P256) + | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P384) +- | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P521), +- 0ULL}, ++ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P521)}, + /*.kdsa = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_ECDSA_VERIFY_P256) + | S390X_CAPBIT(S390X_ECDSA_VERIFY_P384) +-- +2.25.1 + diff -Nru openssl-1.1.1l/debian/patches/0024-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-a.patch openssl-1.1.1l/debian/patches/0024-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-a.patch --- openssl-1.1.1l/debian/patches/0024-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-a.patch 1970-01-01 01:00:00.000000000 +0100 +++ 
openssl-1.1.1l/debian/patches/0024-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-a.patch 2021-02-23 22:43:42.000000000 +0100 
@@ -0,0 +1,1391 @@ +From 461702c5d9da9210c20092ad00a0233454665c58 Mon Sep 17 00:00:00 2001 +From: Patrick Steuer +Date: Tue, 19 Nov 2019 16:53:17 +0100 +Subject: [PATCH 24/25] s390x assembly pack: accelerate X25519, X448, Ed25519 + and Ed448 + +using PCC and KDSA instructions. + +Signed-off-by: Patrick Steuer + +Reviewed-by: Richard Levitte +(Merged from https://github.com/openssl/openssl/pull/10004) + +Signed-off-by: Patrick Steuer +(cherry picked from commit 56eb364ef5cf93e2658cd45fcffee435b80857b2) +Signed-off-by: Dimitri John Ledkov +--- + CHANGES | 4 + + Configure | 2 +- + crypto/cmac/cm_pmeth.c | 5 + + crypto/dh/dh_pmeth.c | 10 + + crypto/dsa/dsa_pmeth.c | 5 + + crypto/ec/build.info | 1 + + crypto/ec/ec_curve.c | 6 +- + crypto/ec/ec_local.h | 2 +- + crypto/ec/ec_pmeth.c | 5 + + crypto/ec/ecx_meth.c | 664 +++++++++++++++++++++++++++++++ + crypto/err/openssl.txt | 6 + + crypto/evp/pmeth_lib.c | 65 +-- + crypto/hmac/hm_pmeth.c | 5 + + crypto/kdf/hkdf.c | 5 + + crypto/kdf/scrypt.c | 5 + + crypto/kdf/tls1_prf.c | 5 + + crypto/poly1305/poly1305_pmeth.c | 5 + + crypto/rsa/rsa_pmeth.c | 10 + + crypto/s390x_arch.h | 11 + + crypto/s390xcap.c | 12 +- + crypto/s390xcpuid.pl | 56 +++ + crypto/siphash/siphash_pmeth.c | 5 + + crypto/sm2/sm2_pmeth.c | 5 + + doc/man3/OPENSSL_s390xcap.pod | 8 + + include/crypto/evp.h | 19 + + include/internal/constant_time.h | 28 ++ + include/openssl/ecerr.h | 6 + + 27 files changed, 923 insertions(+), 37 deletions(-) + +diff --git a/CHANGES b/CHANGES +index f4230aaac0..cfe3070bd5 100644 +--- a/CHANGES ++++ b/CHANGES +@@ -88,6 +88,10 @@ + checksum programs. This aims to preserve backward compatibility. + [Matt Eaton, Richard Levitte, and Paul Dale] + ++ *) s390x assembly pack: add hardware-support for P-256, P-384, P-521, ++ X25519, X448, Ed25519 and Ed448. ++ [Patrick Steuer] ++ + *) Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just + the first value. 
+ [Jon Spillett] +diff --git a/Configure b/Configure +index db86436378..93d0153387 100755 +--- a/Configure ++++ b/Configure +@@ -1389,7 +1389,7 @@ unless ($disabled{asm}) { + push @{$config{lib_defines}}, "ECP_NISTZ256_ASM"; + } + if ($target{ec_asm_src} =~ /ecp_s390x_nistp/) { +- push @{$config{lib_defines}}, "S390X_NISTP_ASM"; ++ push @{$config{lib_defines}}, "S390X_EC_ASM"; + } + if ($target{ec_asm_src} =~ /x25519/) { + push @{$config{lib_defines}}, "X25519_ASM"; +diff --git a/crypto/cmac/cm_pmeth.c b/crypto/cmac/cm_pmeth.c +index 5574f25be8..98673f92d9 100644 +--- a/crypto/cmac/cm_pmeth.c ++++ b/crypto/cmac/cm_pmeth.c +@@ -159,3 +159,8 @@ const EVP_PKEY_METHOD cmac_pkey_meth = { + pkey_cmac_ctrl, + pkey_cmac_ctrl_str + }; ++ ++const EVP_PKEY_METHOD *cmac_pkey_method(void) ++{ ++ return &cmac_pkey_meth; ++} +diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c +index 1fd94deb47..328d409d79 100644 +--- a/crypto/dh/dh_pmeth.c ++++ b/crypto/dh/dh_pmeth.c +@@ -512,6 +512,11 @@ const EVP_PKEY_METHOD dh_pkey_meth = { + pkey_dh_ctrl_str + }; + ++const EVP_PKEY_METHOD *dh_pkey_method(void) ++{ ++ return &dh_pkey_meth; ++} ++ + const EVP_PKEY_METHOD dhx_pkey_meth = { + EVP_PKEY_DHX, + 0, +@@ -545,3 +550,8 @@ const EVP_PKEY_METHOD dhx_pkey_meth = { + pkey_dh_ctrl, + pkey_dh_ctrl_str + }; ++ ++const EVP_PKEY_METHOD *dhx_pkey_method(void) ++{ ++ return &dhx_pkey_meth; ++} +diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c +index 4ca3747a46..45e76cb3c6 100644 +--- a/crypto/dsa/dsa_pmeth.c ++++ b/crypto/dsa/dsa_pmeth.c +@@ -271,3 +271,8 @@ const EVP_PKEY_METHOD dsa_pkey_meth = { + pkey_dsa_ctrl, + pkey_dsa_ctrl_str + }; ++ ++const EVP_PKEY_METHOD *dsa_pkey_method(void) ++{ ++ return &dsa_pkey_meth; ++} +diff --git a/crypto/ec/build.info b/crypto/ec/build.info +index 5281aca86a..b4a85c5bcb 100644 +--- a/crypto/ec/build.info ++++ b/crypto/ec/build.info +@@ -27,6 +27,7 @@ INCLUDE[ecp_nistz256-armv8.o]=.. 
+ GENERATE[ecp_nistz256-ppc64.s]=asm/ecp_nistz256-ppc64.pl $(PERLASM_SCHEME) + + INCLUDE[ecp_s390x_nistp.o]=.. ++INCLUDE[ecx_meth.o]=.. + + GENERATE[x25519-x86_64.s]=asm/x25519-x86_64.pl $(PERLASM_SCHEME) + GENERATE[x25519-ppc64.s]=asm/x25519-ppc64.pl $(PERLASM_SCHEME) +diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c +index 9f17188140..9127721c5c 100644 +--- a/crypto/ec/ec_curve.c ++++ b/crypto/ec/ec_curve.c +@@ -2830,14 +2830,14 @@ static const ec_list_element curve_list[] = { + "SECG curve over a 256 bit prime field"}, + /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ + {NID_secp384r1, &_EC_NIST_PRIME_384.h, +-# if defined(S390X_NISTP_ASM) ++# if defined(S390X_EC_ASM) + EC_GFp_s390x_nistp384_method, + # else + 0, + # endif + "NIST/SECG curve over a 384 bit prime field"}, + {NID_secp521r1, &_EC_NIST_PRIME_521.h, +-# if defined(S390X_NISTP_ASM) ++# if defined(S390X_EC_ASM) + EC_GFp_s390x_nistp521_method, + # elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) + EC_GFp_nistp521_method, +@@ -2861,7 +2861,7 @@ static const ec_list_element curve_list[] = { + {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, + #if defined(ECP_NISTZ256_ASM) + EC_GFp_nistz256_method, +-# elif defined(S390X_NISTP_ASM) ++# elif defined(S390X_EC_ASM) + EC_GFp_s390x_nistp256_method, + # elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) + EC_GFp_nistp256_method, +diff --git a/crypto/ec/ec_local.h b/crypto/ec/ec_local.h +index 5fc6009b3f..99bf70b5a1 100644 +--- a/crypto/ec/ec_local.h ++++ b/crypto/ec/ec_local.h +@@ -595,7 +595,7 @@ int ec_group_simple_order_bits(const EC_GROUP *group); + */ + const EC_METHOD *EC_GFp_nistz256_method(void); + #endif +-#ifdef S390X_NISTP_ASM ++#ifdef S390X_EC_ASM + const EC_METHOD *EC_GFp_s390x_nistp256_method(void); + const EC_METHOD *EC_GFp_s390x_nistp384_method(void); + const EC_METHOD *EC_GFp_s390x_nistp521_method(void); +diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c +index 64d2cc93a6..f21772915b 100644 +--- 
a/crypto/ec/ec_pmeth.c ++++ b/crypto/ec/ec_pmeth.c +@@ -474,3 +474,8 @@ const EVP_PKEY_METHOD ec_pkey_meth = { + pkey_ec_ctrl, + pkey_ec_ctrl_str + }; ++ ++const EVP_PKEY_METHOD *ec_pkey_method(void) ++{ ++ return &ec_pkey_meth; ++} +diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c +index 9dc5259e4a..40cfc8e8dd 100644 +--- a/crypto/ec/ecx_meth.c ++++ b/crypto/ec/ecx_meth.c +@@ -20,6 +20,7 @@ + #define X25519_BITS 253 + #define X25519_SECURITY_BITS 128 + ++#define ED25519_KEYLEN 32 + #define ED25519_SIGSIZE 64 + + #define X448_BITS 448 +@@ -839,3 +840,666 @@ const EVP_PKEY_METHOD ed448_pkey_meth = { + pkey_ecd_digestsign448, + pkey_ecd_digestverify448 + }; ++ ++#ifdef S390X_EC_ASM ++# include "s390x_arch.h" ++# include "internal/constant_time.h" ++ ++static void s390x_x25519_mod_p(unsigned char u[32]) ++{ ++ unsigned char u_red[32]; ++ unsigned int c = 0; ++ int i; ++ ++ memcpy(u_red, u, sizeof(u_red)); ++ ++ c += (unsigned int)u_red[31] + 19; ++ u_red[31] = (unsigned char)c; ++ c >>= 8; ++ ++ for (i = 30; i >= 0; i--) { ++ c += (unsigned int)u_red[i]; ++ u_red[i] = (unsigned char)c; ++ c >>= 8; ++ } ++ ++ c = (u_red[0] & 0x80) >> 7; ++ u_red[0] &= 0x7f; ++ constant_time_cond_swap_buff(0 - (unsigned char)c, ++ u, u_red, sizeof(u_red)); ++} ++ ++static void s390x_x448_mod_p(unsigned char u[56]) ++{ ++ unsigned char u_red[56]; ++ unsigned int c = 0; ++ int i; ++ ++ memcpy(u_red, u, sizeof(u_red)); ++ ++ c += (unsigned int)u_red[55] + 1; ++ u_red[55] = (unsigned char)c; ++ c >>= 8; ++ ++ for (i = 54; i >= 28; i--) { ++ c += (unsigned int)u_red[i]; ++ u_red[i] = (unsigned char)c; ++ c >>= 8; ++ } ++ ++ c += (unsigned int)u_red[27] + 1; ++ u_red[27] = (unsigned char)c; ++ c >>= 8; ++ ++ for (i = 26; i >= 0; i--) { ++ c += (unsigned int)u_red[i]; ++ u_red[i] = (unsigned char)c; ++ c >>= 8; ++ } ++ ++ constant_time_cond_swap_buff(0 - (unsigned char)c, ++ u, u_red, sizeof(u_red)); ++} ++ ++static int s390x_x25519_mul(unsigned char u_dst[32], ++ const unsigned char 
u_src[32], ++ const unsigned char d_src[32]) ++{ ++ union { ++ struct { ++ unsigned char u_dst[32]; ++ unsigned char u_src[32]; ++ unsigned char d_src[32]; ++ } x25519; ++ unsigned long long buff[512]; ++ } param; ++ int rc; ++ ++ memset(¶m, 0, sizeof(param)); ++ ++ s390x_flip_endian32(param.x25519.u_src, u_src); ++ param.x25519.u_src[0] &= 0x7f; ++ s390x_x25519_mod_p(param.x25519.u_src); ++ ++ s390x_flip_endian32(param.x25519.d_src, d_src); ++ param.x25519.d_src[31] &= 248; ++ param.x25519.d_src[0] &= 127; ++ param.x25519.d_src[0] |= 64; ++ ++ rc = s390x_pcc(S390X_SCALAR_MULTIPLY_X25519, ¶m.x25519) ? 0 : 1; ++ if (rc == 1) ++ s390x_flip_endian32(u_dst, param.x25519.u_dst); ++ ++ OPENSSL_cleanse(param.x25519.d_src, sizeof(param.x25519.d_src)); ++ return rc; ++} ++ ++static int s390x_x448_mul(unsigned char u_dst[56], ++ const unsigned char u_src[56], ++ const unsigned char d_src[56]) ++{ ++ union { ++ struct { ++ unsigned char u_dst[64]; ++ unsigned char u_src[64]; ++ unsigned char d_src[64]; ++ } x448; ++ unsigned long long buff[512]; ++ } param; ++ int rc; ++ ++ memset(¶m, 0, sizeof(param)); ++ ++ memcpy(param.x448.u_src, u_src, 56); ++ memcpy(param.x448.d_src, d_src, 56); ++ ++ s390x_flip_endian64(param.x448.u_src, param.x448.u_src); ++ s390x_x448_mod_p(param.x448.u_src + 8); ++ ++ s390x_flip_endian64(param.x448.d_src, param.x448.d_src); ++ param.x448.d_src[63] &= 252; ++ param.x448.d_src[8] |= 128; ++ ++ rc = s390x_pcc(S390X_SCALAR_MULTIPLY_X448, ¶m.x448) ? 
0 : 1; ++ if (rc == 1) { ++ s390x_flip_endian64(param.x448.u_dst, param.x448.u_dst); ++ memcpy(u_dst, param.x448.u_dst, 56); ++ } ++ ++ OPENSSL_cleanse(param.x448.d_src, sizeof(param.x448.d_src)); ++ return rc; ++} ++ ++static int s390x_ed25519_mul(unsigned char x_dst[32], ++ unsigned char y_dst[32], ++ const unsigned char x_src[32], ++ const unsigned char y_src[32], ++ const unsigned char d_src[32]) ++{ ++ union { ++ struct { ++ unsigned char x_dst[32]; ++ unsigned char y_dst[32]; ++ unsigned char x_src[32]; ++ unsigned char y_src[32]; ++ unsigned char d_src[32]; ++ } ed25519; ++ unsigned long long buff[512]; ++ } param; ++ int rc; ++ ++ memset(¶m, 0, sizeof(param)); ++ ++ s390x_flip_endian32(param.ed25519.x_src, x_src); ++ s390x_flip_endian32(param.ed25519.y_src, y_src); ++ s390x_flip_endian32(param.ed25519.d_src, d_src); ++ ++ rc = s390x_pcc(S390X_SCALAR_MULTIPLY_ED25519, ¶m.ed25519) ? 0 : 1; ++ if (rc == 1) { ++ s390x_flip_endian32(x_dst, param.ed25519.x_dst); ++ s390x_flip_endian32(y_dst, param.ed25519.y_dst); ++ } ++ ++ OPENSSL_cleanse(param.ed25519.d_src, sizeof(param.ed25519.d_src)); ++ return rc; ++} ++ ++static int s390x_ed448_mul(unsigned char x_dst[57], ++ unsigned char y_dst[57], ++ const unsigned char x_src[57], ++ const unsigned char y_src[57], ++ const unsigned char d_src[57]) ++{ ++ union { ++ struct { ++ unsigned char x_dst[64]; ++ unsigned char y_dst[64]; ++ unsigned char x_src[64]; ++ unsigned char y_src[64]; ++ unsigned char d_src[64]; ++ } ed448; ++ unsigned long long buff[512]; ++ } param; ++ int rc; ++ ++ memset(¶m, 0, sizeof(param)); ++ ++ memcpy(param.ed448.x_src, x_src, 57); ++ memcpy(param.ed448.y_src, y_src, 57); ++ memcpy(param.ed448.d_src, d_src, 57); ++ s390x_flip_endian64(param.ed448.x_src, param.ed448.x_src); ++ s390x_flip_endian64(param.ed448.y_src, param.ed448.y_src); ++ s390x_flip_endian64(param.ed448.d_src, param.ed448.d_src); ++ ++ rc = s390x_pcc(S390X_SCALAR_MULTIPLY_ED448, ¶m.ed448) ? 
0 : 1; ++ if (rc == 1) { ++ s390x_flip_endian64(param.ed448.x_dst, param.ed448.x_dst); ++ s390x_flip_endian64(param.ed448.y_dst, param.ed448.y_dst); ++ memcpy(x_dst, param.ed448.x_dst, 57); ++ memcpy(y_dst, param.ed448.y_dst, 57); ++ } ++ ++ OPENSSL_cleanse(param.ed448.d_src, sizeof(param.ed448.d_src)); ++ return rc; ++} ++ ++static int s390x_pkey_ecx_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) ++{ ++ static const unsigned char generator[] = { ++ 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ++ }; ++ ECX_KEY *key; ++ unsigned char *privkey = NULL, *pubkey; ++ ++ key = OPENSSL_zalloc(sizeof(*key)); ++ if (key == NULL) { ++ ECerr(EC_F_S390X_PKEY_ECX_KEYGEN25519, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ pubkey = key->pubkey; ++ ++ privkey = key->privkey = OPENSSL_secure_malloc(X25519_KEYLEN); ++ if (privkey == NULL) { ++ ECerr(EC_F_S390X_PKEY_ECX_KEYGEN25519, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (RAND_priv_bytes(privkey, X25519_KEYLEN) <= 0) ++ goto err; ++ ++ privkey[0] &= 248; ++ privkey[31] &= 127; ++ privkey[31] |= 64; ++ ++ if (s390x_x25519_mul(pubkey, generator, privkey) != 1) ++ goto err; ++ ++ EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key); ++ return 1; ++ err: ++ OPENSSL_secure_clear_free(privkey, X25519_KEYLEN); ++ key->privkey = NULL; ++ OPENSSL_free(key); ++ return 0; ++} ++ ++static int s390x_pkey_ecx_keygen448(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) ++{ ++ static const unsigned char generator[] = { ++ 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ++ }; ++ ECX_KEY *key; ++ unsigned char 
*privkey = NULL, *pubkey; ++ ++ key = OPENSSL_zalloc(sizeof(*key)); ++ if (key == NULL) { ++ ECerr(EC_F_S390X_PKEY_ECX_KEYGEN448, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ pubkey = key->pubkey; ++ ++ privkey = key->privkey = OPENSSL_secure_malloc(X448_KEYLEN); ++ if (privkey == NULL) { ++ ECerr(EC_F_S390X_PKEY_ECX_KEYGEN448, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (RAND_priv_bytes(privkey, X448_KEYLEN) <= 0) ++ goto err; ++ ++ privkey[0] &= 252; ++ privkey[55] |= 128; ++ ++ if (s390x_x448_mul(pubkey, generator, privkey) != 1) ++ goto err; ++ ++ EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key); ++ return 1; ++ err: ++ OPENSSL_secure_clear_free(privkey, X448_KEYLEN); ++ key->privkey = NULL; ++ OPENSSL_free(key); ++ return 0; ++} ++ ++static int s390x_pkey_ecd_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) ++{ ++ static const unsigned char generator_x[] = { ++ 0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9, 0xb2, 0xa7, 0x25, 0x95, ++ 0x60, 0xc7, 0x2c, 0x69, 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0, ++ 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21 ++ }; ++ static const unsigned char generator_y[] = { ++ 0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, ++ 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, ++ 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, ++ }; ++ unsigned char x_dst[32], buff[SHA512_DIGEST_LENGTH]; ++ ECX_KEY *key; ++ unsigned char *privkey = NULL, *pubkey; ++ ++ key = OPENSSL_zalloc(sizeof(*key)); ++ if (key == NULL) { ++ ECerr(EC_F_S390X_PKEY_ECD_KEYGEN25519, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ pubkey = key->pubkey; ++ ++ privkey = key->privkey = OPENSSL_secure_malloc(ED25519_KEYLEN); ++ if (privkey == NULL) { ++ ECerr(EC_F_S390X_PKEY_ECD_KEYGEN25519, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (RAND_priv_bytes(privkey, ED25519_KEYLEN) <= 0) ++ goto err; ++ ++ SHA512(privkey, 32, buff); ++ buff[0] &= 248; ++ buff[31] &= 63; ++ buff[31] |= 64; ++ ++ if 
(s390x_ed25519_mul(x_dst, pubkey, ++ generator_x, generator_y, buff) != 1) ++ goto err; ++ ++ pubkey[31] |= ((x_dst[0] & 0x01) << 7); ++ ++ EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key); ++ return 1; ++ err: ++ OPENSSL_secure_clear_free(privkey, ED25519_KEYLEN); ++ key->privkey = NULL; ++ OPENSSL_free(key); ++ return 0; ++} ++ ++static int s390x_pkey_ecd_keygen448(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) ++{ ++ static const unsigned char generator_x[] = { ++ 0x5e, 0xc0, 0x0c, 0xc7, 0x2b, 0xa8, 0x26, 0x26, 0x8e, 0x93, 0x00, 0x8b, ++ 0xe1, 0x80, 0x3b, 0x43, 0x11, 0x65, 0xb6, 0x2a, 0xf7, 0x1a, 0xae, 0x12, ++ 0x64, 0xa4, 0xd3, 0xa3, 0x24, 0xe3, 0x6d, 0xea, 0x67, 0x17, 0x0f, 0x47, ++ 0x70, 0x65, 0x14, 0x9e, 0xda, 0x36, 0xbf, 0x22, 0xa6, 0x15, 0x1d, 0x22, ++ 0xed, 0x0d, 0xed, 0x6b, 0xc6, 0x70, 0x19, 0x4f, 0x00 ++ }; ++ static const unsigned char generator_y[] = { ++ 0x14, 0xfa, 0x30, 0xf2, 0x5b, 0x79, 0x08, 0x98, 0xad, 0xc8, 0xd7, 0x4e, ++ 0x2c, 0x13, 0xbd, 0xfd, 0xc4, 0x39, 0x7c, 0xe6, 0x1c, 0xff, 0xd3, 0x3a, ++ 0xd7, 0xc2, 0xa0, 0x05, 0x1e, 0x9c, 0x78, 0x87, 0x40, 0x98, 0xa3, 0x6c, ++ 0x73, 0x73, 0xea, 0x4b, 0x62, 0xc7, 0xc9, 0x56, 0x37, 0x20, 0x76, 0x88, ++ 0x24, 0xbc, 0xb6, 0x6e, 0x71, 0x46, 0x3f, 0x69, 0x00 ++ }; ++ unsigned char x_dst[57], buff[114]; ++ ECX_KEY *key; ++ unsigned char *privkey = NULL, *pubkey; ++ EVP_MD_CTX *hashctx = NULL; ++ ++ key = OPENSSL_zalloc(sizeof(*key)); ++ if (key == NULL) { ++ ECerr(EC_F_S390X_PKEY_ECD_KEYGEN448, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ pubkey = key->pubkey; ++ ++ privkey = key->privkey = OPENSSL_secure_malloc(ED448_KEYLEN); ++ if (privkey == NULL) { ++ ECerr(EC_F_S390X_PKEY_ECD_KEYGEN448, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (RAND_priv_bytes(privkey, ED448_KEYLEN) <= 0) ++ goto err; ++ ++ hashctx = EVP_MD_CTX_new(); ++ if (hashctx == NULL) ++ goto err; ++ if (EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL) != 1) ++ goto err; ++ if (EVP_DigestUpdate(hashctx, privkey, 57) != 1) ++ goto err; ++ if 
(EVP_DigestFinalXOF(hashctx, buff, sizeof(buff)) != 1) ++ goto err; ++ ++ buff[0] &= -4; ++ buff[55] |= 0x80; ++ buff[56] = 0; ++ ++ if (s390x_ed448_mul(x_dst, pubkey, ++ generator_x, generator_y, buff) != 1) ++ goto err; ++ ++ pubkey[56] |= ((x_dst[0] & 0x01) << 7); ++ ++ EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key); ++ EVP_MD_CTX_free(hashctx); ++ return 1; ++ err: ++ OPENSSL_secure_clear_free(privkey, ED448_KEYLEN); ++ key->privkey = NULL; ++ OPENSSL_free(key); ++ EVP_MD_CTX_free(hashctx); ++ return 0; ++} ++ ++static int s390x_pkey_ecx_derive25519(EVP_PKEY_CTX *ctx, unsigned char *key, ++ size_t *keylen) ++{ ++ const unsigned char *privkey, *pubkey; ++ ++ if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey)) ++ return 0; ++ ++ if (key != NULL) ++ return s390x_x25519_mul(key, pubkey, privkey); ++ ++ *keylen = X25519_KEYLEN; ++ return 1; ++} ++ ++static int s390x_pkey_ecx_derive448(EVP_PKEY_CTX *ctx, unsigned char *key, ++ size_t *keylen) ++{ ++ const unsigned char *privkey, *pubkey; ++ ++ if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey)) ++ return 0; ++ ++ if (key != NULL) ++ return s390x_x448_mul(key, pubkey, privkey); ++ ++ *keylen = X448_KEYLEN; ++ return 1; ++} ++ ++static int s390x_pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, ++ unsigned char *sig, size_t *siglen, ++ const unsigned char *tbs, ++ size_t tbslen) ++{ ++ union { ++ struct { ++ unsigned char sig[64]; ++ unsigned char priv[32]; ++ } ed25519; ++ unsigned long long buff[512]; ++ } param; ++ const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; ++ int rc; ++ ++ if (sig == NULL) { ++ *siglen = ED25519_SIGSIZE; ++ return 1; ++ } ++ ++ if (*siglen < ED25519_SIGSIZE) { ++ ECerr(EC_F_S390X_PKEY_ECD_DIGESTSIGN25519, EC_R_BUFFER_TOO_SMALL); ++ return 0; ++ } ++ ++ memset(¶m, 0, sizeof(param)); ++ memcpy(param.ed25519.priv, edkey->privkey, sizeof(param.ed25519.priv)); ++ ++ rc = s390x_kdsa(S390X_EDDSA_SIGN_ED25519, ¶m.ed25519, tbs, tbslen); ++ 
OPENSSL_cleanse(param.ed25519.priv, sizeof(param.ed25519.priv)); ++ if (rc != 0) ++ return 0; ++ ++ s390x_flip_endian32(sig, param.ed25519.sig); ++ s390x_flip_endian32(sig + 32, param.ed25519.sig + 32); ++ ++ *siglen = ED25519_SIGSIZE; ++ return 1; ++} ++ ++static int s390x_pkey_ecd_digestsign448(EVP_MD_CTX *ctx, ++ unsigned char *sig, size_t *siglen, ++ const unsigned char *tbs, ++ size_t tbslen) ++{ ++ union { ++ struct { ++ unsigned char sig[128]; ++ unsigned char priv[64]; ++ } ed448; ++ unsigned long long buff[512]; ++ } param; ++ const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; ++ int rc; ++ ++ if (sig == NULL) { ++ *siglen = ED448_SIGSIZE; ++ return 1; ++ } ++ ++ if (*siglen < ED448_SIGSIZE) { ++ ECerr(EC_F_S390X_PKEY_ECD_DIGESTSIGN448, EC_R_BUFFER_TOO_SMALL); ++ return 0; ++ } ++ ++ memset(¶m, 0, sizeof(param)); ++ memcpy(param.ed448.priv + 64 - 57, edkey->privkey, 57); ++ ++ rc = s390x_kdsa(S390X_EDDSA_SIGN_ED448, ¶m.ed448, tbs, tbslen); ++ OPENSSL_cleanse(param.ed448.priv, sizeof(param.ed448.priv)); ++ if (rc != 0) ++ return 0; ++ ++ s390x_flip_endian64(param.ed448.sig, param.ed448.sig); ++ s390x_flip_endian64(param.ed448.sig + 64, param.ed448.sig + 64); ++ memcpy(sig, param.ed448.sig, 57); ++ memcpy(sig + 57, param.ed448.sig + 64, 57); ++ ++ *siglen = ED448_SIGSIZE; ++ return 1; ++} ++ ++static int s390x_pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, ++ const unsigned char *sig, ++ size_t siglen, ++ const unsigned char *tbs, ++ size_t tbslen) ++{ ++ union { ++ struct { ++ unsigned char sig[64]; ++ unsigned char pub[32]; ++ } ed25519; ++ unsigned long long buff[512]; ++ } param; ++ const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; ++ ++ if (siglen != ED25519_SIGSIZE) ++ return 0; ++ ++ memset(¶m, 0, sizeof(param)); ++ s390x_flip_endian32(param.ed25519.sig, sig); ++ s390x_flip_endian32(param.ed25519.sig + 32, sig + 32); ++ s390x_flip_endian32(param.ed25519.pub, edkey->pubkey); ++ ++ return s390x_kdsa(S390X_EDDSA_VERIFY_ED25519, 
++ ¶m.ed25519, tbs, tbslen) == 0 ? 1 : 0; ++} ++ ++static int s390x_pkey_ecd_digestverify448(EVP_MD_CTX *ctx, ++ const unsigned char *sig, ++ size_t siglen, ++ const unsigned char *tbs, ++ size_t tbslen) ++{ ++ union { ++ struct { ++ unsigned char sig[128]; ++ unsigned char pub[64]; ++ } ed448; ++ unsigned long long buff[512]; ++ } param; ++ const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; ++ ++ if (siglen != ED448_SIGSIZE) ++ return 0; ++ ++ memset(¶m, 0, sizeof(param)); ++ memcpy(param.ed448.sig, sig, 57); ++ s390x_flip_endian64(param.ed448.sig, param.ed448.sig); ++ memcpy(param.ed448.sig + 64, sig + 57, 57); ++ s390x_flip_endian64(param.ed448.sig + 64, param.ed448.sig + 64); ++ memcpy(param.ed448.pub, edkey->pubkey, 57); ++ s390x_flip_endian64(param.ed448.pub, param.ed448.pub); ++ ++ return s390x_kdsa(S390X_EDDSA_VERIFY_ED448, ++ ¶m.ed448, tbs, tbslen) == 0 ? 1 : 0; ++} ++ ++static const EVP_PKEY_METHOD ecx25519_s390x_pkey_meth = { ++ EVP_PKEY_X25519, ++ 0, 0, 0, 0, 0, 0, 0, ++ s390x_pkey_ecx_keygen25519, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ s390x_pkey_ecx_derive25519, ++ pkey_ecx_ctrl, ++ 0 ++}; ++ ++static const EVP_PKEY_METHOD ecx448_s390x_pkey_meth = { ++ EVP_PKEY_X448, ++ 0, 0, 0, 0, 0, 0, 0, ++ s390x_pkey_ecx_keygen448, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ s390x_pkey_ecx_derive448, ++ pkey_ecx_ctrl, ++ 0 ++}; ++static const EVP_PKEY_METHOD ed25519_s390x_pkey_meth = { ++ EVP_PKEY_ED25519, EVP_PKEY_FLAG_SIGCTX_CUSTOM, ++ 0, 0, 0, 0, 0, 0, ++ s390x_pkey_ecd_keygen25519, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ pkey_ecd_ctrl, ++ 0, ++ s390x_pkey_ecd_digestsign25519, ++ s390x_pkey_ecd_digestverify25519 ++}; ++ ++static const EVP_PKEY_METHOD ed448_s390x_pkey_meth = { ++ EVP_PKEY_ED448, EVP_PKEY_FLAG_SIGCTX_CUSTOM, ++ 0, 0, 0, 0, 0, 0, ++ s390x_pkey_ecd_keygen448, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ pkey_ecd_ctrl, ++ 0, ++ s390x_pkey_ecd_digestsign448, ++ s390x_pkey_ecd_digestverify448 
++};
++#endif
++
++const EVP_PKEY_METHOD *ecx25519_pkey_method(void)
++{
++#ifdef S390X_EC_ASM
++ if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X25519))
++ return &ecx25519_s390x_pkey_meth;
++#endif
++ return &ecx25519_pkey_meth;
++}
++
++const EVP_PKEY_METHOD *ecx448_pkey_method(void)
++{
++#ifdef S390X_EC_ASM
++ if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X448))
++ return &ecx448_s390x_pkey_meth;
++#endif
++ return &ecx448_pkey_meth;
++}
++
++const EVP_PKEY_METHOD *ed25519_pkey_method(void)
++{
++#ifdef S390X_EC_ASM
++ if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED25519)
++ && OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_SIGN_ED25519)
++ && OPENSSL_s390xcap_P.kdsa[0]
++ & S390X_CAPBIT(S390X_EDDSA_VERIFY_ED25519))
++ return &ed25519_s390x_pkey_meth;
++#endif
++ return &ed25519_pkey_meth;
++}
++
++const EVP_PKEY_METHOD *ed448_pkey_method(void)
++{
++#ifdef S390X_EC_ASM
++ if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED448)
++ && OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_SIGN_ED448)
++ && OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_VERIFY_ED448))
++ return &ed448_s390x_pkey_meth;
++#endif
++ return &ed448_pkey_meth;
++}
+diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
+index 0b3d97dd9b..3262d17f69 100644
+--- a/crypto/err/openssl.txt
++++ b/crypto/err/openssl.txt
+@@ -678,6 +678,12 @@ EC_F_PKEY_EC_KDF_DERIVE:283:pkey_ec_kdf_derive
+ EC_F_PKEY_EC_KEYGEN:199:pkey_ec_keygen
+ EC_F_PKEY_EC_PARAMGEN:219:pkey_ec_paramgen
+ EC_F_PKEY_EC_SIGN:218:pkey_ec_sign
++EC_F_S390X_PKEY_ECD_DIGESTSIGN25519:303:s390x_pkey_ecd_digestsign25519
++EC_F_S390X_PKEY_ECD_DIGESTSIGN448:304:s390x_pkey_ecd_digestsign448
++EC_F_S390X_PKEY_ECD_KEYGEN25519:305:s390x_pkey_ecd_keygen25519
++EC_F_S390X_PKEY_ECD_KEYGEN448:306:s390x_pkey_ecd_keygen448
++EC_F_S390X_PKEY_ECX_KEYGEN25519:307:s390x_pkey_ecx_keygen25519
++EC_F_S390X_PKEY_ECX_KEYGEN448:308:s390x_pkey_ecx_keygen448
+ EC_F_VALIDATE_ECX_DERIVE:278:validate_ecx_derive
+ ENGINE_F_DIGEST_UPDATE:198:digest_update
+ ENGINE_F_DYNAMIC_CTRL:180:dynamic_ctrl
+diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
+index 603ccd8352..3b4ed714cf 100644
+--- a/crypto/evp/pmeth_lib.c
++++ b/crypto/evp/pmeth_lib.c
+@@ -17,60 +17,67 @@
+ #include "crypto/evp.h"
+ #include "internal/numbers.h"
+
++typedef const EVP_PKEY_METHOD *(*pmeth_fn)(void);
+ typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
+
+ static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
+
+ /* This array needs to be in order of NIDs */
+-static const EVP_PKEY_METHOD *standard_methods[] = {
++static pmeth_fn standard_methods[] = {
+ #ifndef OPENSSL_NO_RSA
+- &rsa_pkey_meth,
++ rsa_pkey_method,
+ #endif
+ #ifndef OPENSSL_NO_DH
+- &dh_pkey_meth,
++ dh_pkey_method,
+ #endif
+ #ifndef OPENSSL_NO_DSA
+- &dsa_pkey_meth,
++ dsa_pkey_method,
+ #endif
+ #ifndef OPENSSL_NO_EC
+- &ec_pkey_meth,
++ ec_pkey_method,
+ #endif
+- &hmac_pkey_meth,
++ hmac_pkey_method,
+ #ifndef OPENSSL_NO_CMAC
+- &cmac_pkey_meth,
++ cmac_pkey_method,
+ #endif
+ #ifndef OPENSSL_NO_RSA
+- &rsa_pss_pkey_meth,
++ rsa_pss_pkey_method,
+ #endif
+ #ifndef OPENSSL_NO_DH
+- &dhx_pkey_meth,
++ dhx_pkey_method,
+ #endif
+ #ifndef OPENSSL_NO_SCRYPT
+- &scrypt_pkey_meth,
++ scrypt_pkey_method,
+ #endif
+- &tls1_prf_pkey_meth,
++ tls1_prf_pkey_method,
+ #ifndef OPENSSL_NO_EC
+- &ecx25519_pkey_meth,
+- &ecx448_pkey_meth,
++ ecx25519_pkey_method,
++ ecx448_pkey_method,
+ #endif
+- &hkdf_pkey_meth,
++ hkdf_pkey_method,
+ #ifndef OPENSSL_NO_POLY1305
+- &poly1305_pkey_meth,
++ poly1305_pkey_method,
+ #endif
+ #ifndef OPENSSL_NO_SIPHASH
+- &siphash_pkey_meth,
++ siphash_pkey_method,
+ #endif
+ #ifndef OPENSSL_NO_EC
+- &ed25519_pkey_meth,
+- &ed448_pkey_meth,
++ ed25519_pkey_method,
++ ed448_pkey_method,
+ #endif
+ #ifndef OPENSSL_NO_SM2
+- &sm2_pkey_meth,
++ sm2_pkey_method,
+ #endif
+ };
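Review bot: The six `EC_F_S390X_PKEY_*` function codes added to `crypto/err/openssl.txt` are numbered 303 to 308, but the `include/openssl/ecerr.h` hunk later in this same patch defines the same six names as 320 to 325. The two files are meant to carry the same numbers, so as written any regeneration of the error headers from `openssl.txt` would presumably change the values of macros in a public header. If the header values are the intended ones for this backport, the entries here should read `EC_F_S390X_PKEY_ECD_DIGESTSIGN25519:320:s390x_pkey_ecd_digestsign25519` and so on through `EC_F_S390X_PKEY_ECX_KEYGEN448:325:s390x_pkey_ecx_keygen448`.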
+
+-DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
+- pmeth);
++DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, pmeth_fn, pmeth_func);
++
++static int pmeth_func_cmp(const EVP_PKEY_METHOD *const *a, pmeth_fn const *b)
++{
++ return ((*a)->pkey_id - ((**b)())->pkey_id);
++}
++
++IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, pmeth_fn, pmeth_func);
+
+ static int pmeth_cmp(const EVP_PKEY_METHOD *const *a,
+ const EVP_PKEY_METHOD *const *b)
+@@ -78,13 +85,11 @@ static int pmeth_cmp(const EVP_PKEY_METHOD *const *a,
+ return ((*a)->pkey_id - (*b)->pkey_id);
+ }
+
+-IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
+- pmeth);
+-
+ const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type)
+ {
++ pmeth_fn *ret;
+ EVP_PKEY_METHOD tmp;
+- const EVP_PKEY_METHOD *t = &tmp, **ret;
++ const EVP_PKEY_METHOD *t = &tmp;
+ tmp.pkey_id = type;
+ if (app_pkey_methods) {
+ int idx;
+@@ -92,12 +97,12 @@ const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type)
+ if (idx >= 0)
+ return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx);
+ }
+- ret = OBJ_bsearch_pmeth(&t, standard_methods,
+- sizeof(standard_methods) /
+- sizeof(EVP_PKEY_METHOD *));
++ ret = OBJ_bsearch_pmeth_func(&t, standard_methods,
++ sizeof(standard_methods) /
++ sizeof(pmeth_fn));
+ if (!ret || !*ret)
+ return NULL;
+- return *ret;
++ return (**ret)();
+ }
+
+ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
+@@ -340,7 +345,7 @@ size_t EVP_PKEY_meth_get_count(void)
+ const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx)
+ {
+ if (idx < OSSL_NELEM(standard_methods))
+- return standard_methods[idx];
++ return (standard_methods[idx])();
+ if (app_pkey_methods == NULL)
+ return NULL;
+ idx -= OSSL_NELEM(standard_methods);
+diff --git a/crypto/hmac/hm_pmeth.c b/crypto/hmac/hm_pmeth.c
+index 56f98707f5..eea42632c9 100644
+--- a/crypto/hmac/hm_pmeth.c
++++ b/crypto/hmac/hm_pmeth.c
+@@ -210,3 +210,8 @@ const EVP_PKEY_METHOD hmac_pkey_meth = {
+
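Review bot: `standard_methods` becomes a table of function pointers that the later hunks call through in `EVP_PKEY_meth_find` and `EVP_PKEY_meth_get0`, yet it is declared `static pmeth_fn standard_methods[]` with no `const`, which leaves the whole dispatch table in writable data. Nothing in the visible hunks assigns to the array, so `static const pmeth_fn standard_methods[] = {` would let the toolchain place it in read-only memory, and `pmeth_func_cmp` already takes `pmeth_fn const *b`. The prototype generated by `DECLARE_OBJ_BSEARCH_CMP_FN` is not visible here, so whether `pmeth_fn *ret` also needs a `const` should be checked when making the change.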
pkey_hmac_ctrl,
+ pkey_hmac_ctrl_str
+ };
++
++const EVP_PKEY_METHOD *hmac_pkey_method(void)
++{
++ return &hmac_pkey_meth;
++}
+diff --git a/crypto/kdf/hkdf.c b/crypto/kdf/hkdf.c
+index 25bf4b729f..f839cda1fb 100644
+--- a/crypto/kdf/hkdf.c
++++ b/crypto/kdf/hkdf.c
+@@ -254,6 +254,11 @@ const EVP_PKEY_METHOD hkdf_pkey_meth = {
+ pkey_hkdf_ctrl_str
+ };
+
++const EVP_PKEY_METHOD *hkdf_pkey_method(void)
++{
++ return &hkdf_pkey_meth;
++}
++
+ static unsigned char *HKDF(const EVP_MD *evp_md,
+ const unsigned char *salt, size_t salt_len,
+ const unsigned char *key, size_t key_len,
+diff --git a/crypto/kdf/scrypt.c b/crypto/kdf/scrypt.c
+index 68606ac00a..58cf4d5614 100644
+--- a/crypto/kdf/scrypt.c
++++ b/crypto/kdf/scrypt.c
+@@ -263,4 +263,9 @@ const EVP_PKEY_METHOD scrypt_pkey_meth = {
+ pkey_scrypt_ctrl_str
+ };
+
++const EVP_PKEY_METHOD *scrypt_pkey_method(void)
++{
++ return &scrypt_pkey_meth;
++}
++
+ #endif
+diff --git a/crypto/kdf/tls1_prf.c b/crypto/kdf/tls1_prf.c
+index e9ca8e1278..d448f30aed 100644
+--- a/crypto/kdf/tls1_prf.c
++++ b/crypto/kdf/tls1_prf.c
+@@ -172,6 +172,11 @@ const EVP_PKEY_METHOD tls1_prf_pkey_meth = {
+ pkey_tls1_prf_ctrl_str
+ };
+
++const EVP_PKEY_METHOD *tls1_prf_pkey_method(void)
++{
++ return &tls1_prf_pkey_meth;
++}
++
+ static int tls1_prf_P_hash(const EVP_MD *md,
+ const unsigned char *sec, size_t sec_len,
+ const unsigned char *seed, size_t seed_len,
+diff --git a/crypto/poly1305/poly1305_pmeth.c b/crypto/poly1305/poly1305_pmeth.c
+index 49a799a12f..7f8d8dcf21 100644
+--- a/crypto/poly1305/poly1305_pmeth.c
++++ b/crypto/poly1305/poly1305_pmeth.c
+@@ -192,3 +192,8 @@ const EVP_PKEY_METHOD poly1305_pkey_meth = {
+ pkey_poly1305_ctrl,
+ pkey_poly1305_ctrl_str
+ };
++
++const EVP_PKEY_METHOD *poly1305_pkey_method(void)
++{
++ return &poly1305_pkey_meth;
++}
+diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
+index 0eb21c8af9..a6ba7d6304 100644
+--- a/crypto/rsa/rsa_pmeth.c
++++ b/crypto/rsa/rsa_pmeth.c
+@@ -789,6 +789,11
@@ const EVP_PKEY_METHOD rsa_pkey_meth = {
+ pkey_rsa_ctrl_str
+ };
+
++const EVP_PKEY_METHOD *rsa_pkey_method(void)
++{
++ return &rsa_pkey_meth;
++}
++
+ /*
+ * Called for PSS sign or verify initialisation: checks PSS parameter
+ * sanity and sets any restrictions on key usage.
+@@ -859,3 +864,8 @@ const EVP_PKEY_METHOD rsa_pss_pkey_meth = {
+ pkey_rsa_ctrl,
+ pkey_rsa_ctrl_str
+ };
++
++const EVP_PKEY_METHOD *rsa_pss_pkey_method(void)
++{
++ return &rsa_pss_pkey_meth;
++}
+diff --git a/crypto/s390x_arch.h b/crypto/s390x_arch.h
+index 6068fe94d2..9d2b7a253b 100644
+--- a/crypto/s390x_arch.h
++++ b/crypto/s390x_arch.h
+@@ -30,6 +30,9 @@ int s390x_pcc(unsigned int fc, void *param);
+ int s390x_kdsa(unsigned int fc, void *param, const unsigned char *in,
+ size_t len);
+
++void s390x_flip_endian32(unsigned char dst[32], const unsigned char src[32]);
++void s390x_flip_endian64(unsigned char dst[64], const unsigned char src[64]);
++
+ /*
+ * The field elements of OPENSSL_s390xcap_P are the 64-bit words returned by
+ * the STFLE instruction followed by the 64-bit word pairs returned by
+@@ -123,6 +126,10 @@ extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
+ # define S390X_SCALAR_MULTIPLY_P256 64
+ # define S390X_SCALAR_MULTIPLY_P384 65
+ # define S390X_SCALAR_MULTIPLY_P521 66
++# define S390X_SCALAR_MULTIPLY_ED25519 72
++# define S390X_SCALAR_MULTIPLY_ED448 73
++# define S390X_SCALAR_MULTIPLY_X25519 80
++# define S390X_SCALAR_MULTIPLY_X448 81
+
+ /* kdsa */
+ # define S390X_ECDSA_VERIFY_P256 1
+@@ -131,6 +138,10 @@ extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
+ # define S390X_ECDSA_SIGN_P256 9
+ # define S390X_ECDSA_SIGN_P384 10
+ # define S390X_ECDSA_SIGN_P521 11
++# define S390X_EDDSA_VERIFY_ED25519 32
++# define S390X_EDDSA_VERIFY_ED448 36
++# define S390X_EDDSA_SIGN_ED25519 40
++# define S390X_EDDSA_SIGN_ED448 44
+
+ /* Register 0 Flags */
+ # define S390X_DECRYPT 0x80
+diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c
+index 1f9851efc1..bc9aebcf18
100644
+--- a/crypto/s390xcap.c
++++ b/crypto/s390xcap.c
+@@ -615,14 +615,22 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap)
+ /*.pcc = */{S390X_CAPBIT(S390X_QUERY),
+ S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P256)
+ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P384)
+- | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P521)},
++ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P521)
++ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED25519)
++ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED448)
++ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X25519)
++ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X448)},
+ /*.kdsa = */{S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_ECDSA_VERIFY_P256)
+ | S390X_CAPBIT(S390X_ECDSA_VERIFY_P384)
+ | S390X_CAPBIT(S390X_ECDSA_VERIFY_P521)
+ | S390X_CAPBIT(S390X_ECDSA_SIGN_P256)
+ | S390X_CAPBIT(S390X_ECDSA_SIGN_P384)
+- | S390X_CAPBIT(S390X_ECDSA_SIGN_P521),
++ | S390X_CAPBIT(S390X_ECDSA_SIGN_P521)
++ | S390X_CAPBIT(S390X_EDDSA_VERIFY_ED25519)
++ | S390X_CAPBIT(S390X_EDDSA_VERIFY_ED448)
++ | S390X_CAPBIT(S390X_EDDSA_SIGN_ED25519)
++ | S390X_CAPBIT(S390X_EDDSA_SIGN_ED448),
+ 0ULL},
+ };
+
+diff --git a/crypto/s390xcpuid.pl b/crypto/s390xcpuid.pl
+index 6cc3fbc3fd..64333b6661 100755
+--- a/crypto/s390xcpuid.pl
++++ b/crypto/s390xcpuid.pl
+@@ -493,6 +493,62 @@ s390x_kdsa:
+ ___
+ }
+
++################
++# void s390x_flip_endian32(unsigned char dst[32], const unsigned char src[32])
++{
++my ($dst,$src) = map("%r$_",(2..3));
++$code.=<<___;
++.globl s390x_flip_endian32
++.type s390x_flip_endian32,\@function
++.align 16
++s390x_flip_endian32:
++ lrvg %r0,0(%r0,$src)
++ lrvg %r1,8(%r0,$src)
++ lrvg %r4,16(%r0,$src)
++ lrvg %r5,24(%r0,$src)
++ stg %r0,24(%r0,$dst)
++ stg %r1,16(%r0,$dst)
++ stg %r4,8(%r0,$dst)
++ stg %r5,0(%r0,$dst)
++ br $ra
++.size s390x_flip_endian32,.-s390x_flip_endian32
++___
++}
++
++################
++# void s390x_flip_endian64(unsigned char dst[64], const unsigned char src[64])
++{
++my ($dst,$src) = map("%r$_",(2..3));
++$code.=<<___;
++.globl s390x_flip_endian64
++.type
s390x_flip_endian64,\@function
++.align 16
++s390x_flip_endian64:
++ stmg %r6,%r9,6*$SIZE_T($sp)
++
++ lrvg %r0,0(%r0,$src)
++ lrvg %r1,8(%r0,$src)
++ lrvg %r4,16(%r0,$src)
++ lrvg %r5,24(%r0,$src)
++ lrvg %r6,32(%r0,$src)
++ lrvg %r7,40(%r0,$src)
++ lrvg %r8,48(%r0,$src)
++ lrvg %r9,56(%r0,$src)
++ stg %r0,56(%r0,$dst)
++ stg %r1,48(%r0,$dst)
++ stg %r4,40(%r0,$dst)
++ stg %r5,32(%r0,$dst)
++ stg %r6,24(%r0,$dst)
++ stg %r7,16(%r0,$dst)
++ stg %r8,8(%r0,$dst)
++ stg %r9,0(%r0,$dst)
++
++ lmg %r6,%r9,6*$SIZE_T($sp)
++ br $ra
++.size s390x_flip_endian64,.-s390x_flip_endian64
++___
++}
++
+ $code.=<<___;
+ .section .init
+ brasl $ra,OPENSSL_cpuid_setup
+diff --git a/crypto/siphash/siphash_pmeth.c b/crypto/siphash/siphash_pmeth.c
+index 0c7d2c6190..eaa8214c37 100644
+--- a/crypto/siphash/siphash_pmeth.c
++++ b/crypto/siphash/siphash_pmeth.c
+@@ -203,3 +203,8 @@ const EVP_PKEY_METHOD siphash_pkey_meth = {
+ pkey_siphash_ctrl,
+ pkey_siphash_ctrl_str
+ };
++
++const EVP_PKEY_METHOD *siphash_pkey_method(void)
++{
++ return &siphash_pkey_meth;
++}
+diff --git a/crypto/sm2/sm2_pmeth.c b/crypto/sm2/sm2_pmeth.c
+index b42a14c32f..086386ee4e 100644
+--- a/crypto/sm2/sm2_pmeth.c
++++ b/crypto/sm2/sm2_pmeth.c
+@@ -327,3 +327,8 @@ const EVP_PKEY_METHOD sm2_pkey_meth = {
+
+ pkey_sm2_digest_custom
+ };
++
++const EVP_PKEY_METHOD *sm2_pkey_method(void)
++{
++ return &sm2_pkey_meth;
++}
+diff --git a/doc/man3/OPENSSL_s390xcap.pod b/doc/man3/OPENSSL_s390xcap.pod
+index e1c7d7030f..f42f9e33cb 100644
+--- a/doc/man3/OPENSSL_s390xcap.pod
++++ b/doc/man3/OPENSSL_s390xcap.pod
+@@ -145,6 +145,10 @@ the numbering is continuous across 64-bit mask boundaries.
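Review bot: Neither `s390x_flip_endian32` nor `s390x_flip_endian64` documents that `dst` and `src` may be the same buffer, although the EdDSA code in this same patch calls `s390x_flip_endian64(param.ed448.sig, param.ed448.sig)` in place. That is only correct because every `lrvg` load is issued before the first `stg` store, which is easy to break if the routine is later rescheduled or turned into a loop. I would add a line under each prototype comment such as `# dst may alias src: all loads are done before the first store, keep it that way`.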
+ # 64 1<<63 PCC-Scalar-Multiply-P256
+ # 65 1<<62 PCC-Scalar-Multiply-P384
+ # 66 1<<61 PCC-Scalar-Multiply-P521
++ # 72 1<<55 PCC-Scalar-Multiply-Ed25519
++ # 73 1<<54 PCC-Scalar-Multiply-Ed448
++ # 80 1<<47 PCC-Scalar-Multiply-X25519
++ # 81 1<<46 PCC-Scalar-Multiply-X448
+
+ kdsa :
+ # 1 1<<62 KDSA-ECDSA-Verify-P256
+@@ -153,6 +157,10 @@ the numbering is continuous across 64-bit mask boundaries.
+ # 9 1<<54 KDSA-ECDSA-Sign-P256
+ # 10 1<<53 KDSA-ECDSA-Sign-P384
+ # 11 1<<52 KDSA-ECDSA-Sign-P521
++ # 32 1<<31 KDSA-EdDSA-Verify-Ed25519
++ # 36 1<<27 KDSA-EdDSA-Verify-Ed448
++ # 40 1<<23 KDSA-EdDSA-Sign-Ed25519
++ # 44 1<<19 KDSA-EdDSA-Sign-Ed448
+ :
+
+ =head1 RETURN VALUES
+diff --git a/include/crypto/evp.h b/include/crypto/evp.h
+index d86aed36f0..e8cb07ff84 100644
+--- a/include/crypto/evp.h
++++ b/include/crypto/evp.h
+@@ -440,3 +440,22 @@ void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags);
+ #define EVP_ENCODE_CTX_NO_NEWLINES 1
+ /* Use the SRP base64 alphabet instead of the standard one */
+ #define EVP_ENCODE_CTX_USE_SRP_ALPHABET 2
++
++const EVP_PKEY_METHOD *cmac_pkey_method(void);
++const EVP_PKEY_METHOD *dh_pkey_method(void);
++const EVP_PKEY_METHOD *dhx_pkey_method(void);
++const EVP_PKEY_METHOD *dsa_pkey_method(void);
++const EVP_PKEY_METHOD *ec_pkey_method(void);
++const EVP_PKEY_METHOD *sm2_pkey_method(void);
++const EVP_PKEY_METHOD *ecx25519_pkey_method(void);
++const EVP_PKEY_METHOD *ecx448_pkey_method(void);
++const EVP_PKEY_METHOD *ed25519_pkey_method(void);
++const EVP_PKEY_METHOD *ed448_pkey_method(void);
++const EVP_PKEY_METHOD *hmac_pkey_method(void);
++const EVP_PKEY_METHOD *rsa_pkey_method(void);
++const EVP_PKEY_METHOD *rsa_pss_pkey_method(void);
++const EVP_PKEY_METHOD *scrypt_pkey_method(void);
++const EVP_PKEY_METHOD *tls1_prf_pkey_method(void);
++const EVP_PKEY_METHOD *hkdf_pkey_method(void);
++const EVP_PKEY_METHOD *poly1305_pkey_method(void);
++const EVP_PKEY_METHOD *siphash_pkey_method(void);
+diff --git
a/include/internal/constant_time.h b/include/internal/constant_time.h
+index 6600a1d72a..7f0627d726 100644
+--- a/include/internal/constant_time.h
++++ b/include/internal/constant_time.h
+@@ -352,6 +352,34 @@ static ossl_inline void constant_time_cond_swap_64(uint64_t mask, uint64_t *a,
+ *b ^= xor;
+ }
+
++/*
++ * mask must be 0xFF or 0x00.
++ * "constant time" is per len.
++ *
++ * if (mask) {
++ * unsigned char tmp[len];
++ *
++ * memcpy(tmp, a, len);
++ * memcpy(a, b);
++ * memcpy(b, tmp);
++ * }
++ */
++static ossl_inline void constant_time_cond_swap_buff(unsigned char mask,
++ unsigned char *a,
++ unsigned char *b,
++ size_t len)
++{
++ size_t i;
++ unsigned char tmp;
++
++ for (i = 0; i < len; i++) {
++ tmp = a[i] ^ b[i];
++ tmp &= mask;
++ a[i] ^= tmp;
++ b[i] ^= tmp;
++ }
++}
++
+ /*
+ * table is a two dimensional array of bytes. Each row has rowsize elements.
+ * Copies row number idx into out. rowsize and numrows are not considered
+diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h
+index ec6fbffa11..eaa0bd50dc 100644
+--- a/include/openssl/ecerr.h
++++ b/include/openssl/ecerr.h
+@@ -206,6 +206,12 @@ int ERR_load_EC_strings(void);
+ # define EC_F_PKEY_EC_KEYGEN 199
+ # define EC_F_PKEY_EC_PARAMGEN 219
+ # define EC_F_PKEY_EC_SIGN 218
++# define EC_F_S390X_PKEY_ECD_DIGESTSIGN25519 320
++# define EC_F_S390X_PKEY_ECD_DIGESTSIGN448 321
++# define EC_F_S390X_PKEY_ECD_KEYGEN25519 322
++# define EC_F_S390X_PKEY_ECD_KEYGEN448 323
++# define EC_F_S390X_PKEY_ECX_KEYGEN25519 324
++# define EC_F_S390X_PKEY_ECX_KEYGEN448 325
+ # define EC_F_VALIDATE_ECX_DERIVE 278
+
+ /*
+--
+2.25.1
+
diff -Nru openssl-1.1.1l/debian/patches/0025-Add-self-generated-test-vector-for-x448-non-canonica.patch openssl-1.1.1l/debian/patches/0025-Add-self-generated-test-vector-for-x448-non-canonica.patch
--- openssl-1.1.1l/debian/patches/0025-Add-self-generated-test-vector-for-x448-non-canonica.patch 1970-01-01 01:00:00.000000000 +0100
+++
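Review bot: The pseudo-code in the new comment above `constant_time_cond_swap_buff` drops the length argument from two of its three calls, `memcpy(a, b);` and `memcpy(b, tmp);`, so the documented equivalent is not valid C and does not say how many bytes are swapped. They should read `memcpy(a, b, len);` and `memcpy(b, tmp, len);`. The comment also says mask must be 0xFF or 0x00 but nothing in the loop enforces it, so I would add a sentence such as `any other mask value swaps only the selected bits of each byte` to make the cost of violating the precondition explicit.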
openssl-1.1.1l/debian/patches/0025-Add-self-generated-test-vector-for-x448-non-canonica.patch 2021-02-23 22:43:42.000000000 +0100 
@@ -0,0 +1,49 @@
+From f30d6611bcc324807cd4534d8bca9f841a1f8902 Mon Sep 17 00:00:00 2001
+From: Patrick Steuer
+Date: Sun, 3 Nov 2019 00:01:20 +0100
+Subject: [PATCH 25/25] Add self-generated test vector for x448 non-canonical
+ values
+
+x25519 has such a test vector obtained from wycheproof but wycheproof
+does not have a corresponding x448 test vector.
+So add a self-generated test vector for that case.
+
+Signed-off-by: Patrick Steuer
+
+Reviewed-by: Matt Caswell
+(Merged from https://github.com/openssl/openssl/pull/10339)
+
+(cherry picked from commit fd60f8da74c68ba56f828bcc59141856503ffa0a)
+Signed-off-by: Dimitri John Ledkov
+---
+ test/recipes/30-test_evp_data/evppkey.txt | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/test/recipes/30-test_evp_data/evppkey.txt b/test/recipes/30-test_evp_data/evppkey.txt
+index 736e0ce4d3..a049f19694 100644
+--- a/test/recipes/30-test_evp_data/evppkey.txt
++++ b/test/recipes/30-test_evp_data/evppkey.txt
+@@ -814,6 +814,8 @@ PublicKeyRaw=Bob-448-PUBLIC-Raw:X448:3eb7a829b0cd20f5bcfc0b599b6feccf6da4627107b
+
+ PrivPubKeyPair = Bob-448-Raw:Bob-448-PUBLIC-Raw
+
++PublicKeyRaw=Bob-448-PUBLIC-Raw-NonCanonical:X448:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
++
+ Derive=Alice-448
+ PeerKey=Bob-448-PUBLIC
+ SharedSecret=07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d
+@@ -830,6 +832,11 @@ Derive=Bob-448-Raw
+ PeerKey=Alice-448-PUBLIC-Raw
+ SharedSecret=07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d
+
++# Self-generated non-canonical
++Derive=Alice-448-Raw
++PeerKey=Bob-448-PUBLIC-Raw-NonCanonical
++SharedSecret=66e2e682b1f8e68c809f1bb3e406bd826921d9c1a5bfbfcbab7ae72feecee63660eabd54934f3382061d17607f581a90bdac917a064959fb
++
+ # Illegal sign/verify operations with X448 key
+
+ Sign=Alice-448
+--
+2.25.1
+
diff -Nru
openssl-1.1.1l/debian/patches/lp-1927161-1-x86-Add-endbranch-to-indirect-branch-targets-fo.patch openssl-1.1.1l/debian/patches/lp-1927161-1-x86-Add-endbranch-to-indirect-branch-targets-fo.patch
--- openssl-1.1.1l/debian/patches/lp-1927161-1-x86-Add-endbranch-to-indirect-branch-targets-fo.patch 1970-01-01 01:00:00.000000000 +0100
+++ openssl-1.1.1l/debian/patches/lp-1927161-1-x86-Add-endbranch-to-indirect-branch-targets-fo.patch 2021-05-05 01:49:27.000000000 +0200
@@ -0,0 +1,70 @@
+From 88065693392e2816f1f501bd2b2bb8edd24f4e12 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu"
+Date: Fri, 31 Jan 2020 05:07:01 -0800
+Subject: x86: Add endbranch to indirect branch targets for Intel CET
+
+To support Intel CET, all indirect branch targets must start with
+endbranch. Here is a patch to add endbranch to all function entries
+in x86 assembly codes which are indirect branch targets as discovered
+by running openssl testsuite on Intel CET machine and visual inspection.
+
+Since x86 cbc.pl uses indirect branch with a jump table, we also need
+to add endbranch to all jump targets.
+
+Reviewed-by: Richard Levitte
+Reviewed-by: Paul Dale
+(Merged from https://github.com/openssl/openssl/pull/10984)
+
+Origin: backport, https://github.com/openssl/openssl/pull/12272.patch
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1927161
+Last-Update: 2021-05-05
+---
+ crypto/perlasm/cbc.pl | 7 +++++++
+ crypto/perlasm/x86gas.pl | 1 +
+ 2 files changed, 8 insertions(+)
+
+Index: openssl-1.1.1j/crypto/perlasm/cbc.pl
+===================================================================
+--- openssl-1.1.1j.orig/crypto/perlasm/cbc.pl 2021-05-05 11:43:27.259994507 +1200
++++ openssl-1.1.1j/crypto/perlasm/cbc.pl 2021-05-05 11:43:27.259994507 +1200
+@@ -165,21 +165,28 @@
+ &jmp_ptr($count);
+
+ &set_label("ej7");
++ &endbranch()
+ &movb(&HB("edx"), &BP(6,$in,"",0));
+ &shl("edx",8);
+ &set_label("ej6");
++ &endbranch()
+ &movb(&HB("edx"), &BP(5,$in,"",0));
+ &set_label("ej5");
++ &endbranch()
+ &movb(&LB("edx"), &BP(4,$in,"",0));
+ &set_label("ej4");
++ &endbranch()
+ &mov("ecx", &DWP(0,$in,"",0));
+ &jmp(&label("ejend"));
+ &set_label("ej3");
++ &endbranch()
+ &movb(&HB("ecx"), &BP(2,$in,"",0));
+ &shl("ecx",8);
+ &set_label("ej2");
++ &endbranch()
+ &movb(&HB("ecx"), &BP(1,$in,"",0));
+ &set_label("ej1");
++ &endbranch()
+ &movb(&LB("ecx"), &BP(0,$in,"",0));
+ &set_label("ejend");
+
+Index: openssl-1.1.1j/crypto/perlasm/x86gas.pl
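Review bot: All seven `&endbranch()` calls added after the `ej7` to `ej1` labels in `cbc.pl` lack a terminating semicolon, so Perl reads each call together with the following `&movb(...)` or `&mov(...)` line as one bitwise-AND expression instead of two statements. Both subs still appear to be called in source order, so the generated assembly is probably what was intended, but that relies on operand evaluation order and would draw a void-context warning if warnings were enabled. Each line should read `&endbranch();`, matching the `&::endbranch();` this same patch adds to `x86gas.pl`. The enclosing routine starts and ends outside the hunk.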
+===================================================================
+--- openssl-1.1.1j.orig/crypto/perlasm/x86gas.pl 2021-05-05 11:43:27.259994507 +1200
++++ openssl-1.1.1j/crypto/perlasm/x86gas.pl 2021-05-05 11:43:27.259994507 +1200
+@@ -124,6 +124,7 @@
+ push(@out,".align\t$align\n");
+ push(@out,"$func:\n");
+ push(@out,"$begin:\n") if ($global);
++ &::endbranch();
+ $::stack=4;
+ }
+
diff -Nru openssl-1.1.1l/debian/patches/lp-1927161-2-Use-swapcontext-for-Intel-CET.patch openssl-1.1.1l/debian/patches/lp-1927161-2-Use-swapcontext-for-Intel-CET.patch
--- openssl-1.1.1l/debian/patches/lp-1927161-2-Use-swapcontext-for-Intel-CET.patch 1970-01-01 01:00:00.000000000 +0100
+++ openssl-1.1.1l/debian/patches/lp-1927161-2-Use-swapcontext-for-Intel-CET.patch 2021-05-05 01:49:27.000000000 +0200
@@ -0,0 +1,82 @@
+From cc5d87cb22f213e478f6db064b186ecb1bfaf57b Mon Sep 17 00:00:00 2001
+From: "H.J. Lu"
+Date: Fri, 13 Dec 2019 16:46:07 -0800
+Subject: Use swapcontext for Intel CET
+
+When Intel CET is enabled, makecontext will create a different shadow
+stack for each context. async_fibre_swapcontext cannot use _longjmp.
+It must call swapcontext to swap shadow stack as well as normal stack.
+
+Reviewed-by: Paul Dale
+Reviewed-by: Matt Caswell
+(Merged from https://github.com/openssl/openssl/pull/10983)
+
+Origin: backport, https://github.com/openssl/openssl/pull/12272.patch
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1927161
+Last-Update: 2021-05-05
+---
+ crypto/async/arch/async_posix.c | 2 ++
+ crypto/async/arch/async_posix.h | 19 ++++++++++++++++++-
+ 2 files changed, 20 insertions(+), 1 deletion(-)
+
+Index: openssl-1.1.1j/crypto/async/arch/async_posix.c
+===================================================================
+--- openssl-1.1.1j.orig/crypto/async/arch/async_posix.c 2021-05-05 11:43:42.284179200 +1200
++++ openssl-1.1.1j/crypto/async/arch/async_posix.c 2021-05-05 11:43:42.284179200 +1200
+@@ -34,7 +34,9 @@
+
+ int async_fibre_makecontext(async_fibre *fibre)
+ {
++#ifndef USE_SWAPCONTEXT
+ fibre->env_init = 0;
++#endif
+ if (getcontext(&fibre->fibre) == 0) {
+ fibre->fibre.uc_stack.ss_sp = OPENSSL_malloc(STACKSIZE);
+ if (fibre->fibre.uc_stack.ss_sp != NULL) {
+Index: openssl-1.1.1j/crypto/async/arch/async_posix.h
+===================================================================
+--- openssl-1.1.1j.orig/crypto/async/arch/async_posix.h 2021-05-05 11:43:42.284179200 +1200
++++ openssl-1.1.1j/crypto/async/arch/async_posix.h 2021-05-05 11:43:42.284179200 +1200
+@@ -25,17 +25,33 @@
+ # define ASYNC_POSIX
+ # define ASYNC_ARCH
+
++# ifdef __CET__
++/*
++ * When Intel CET is enabled, makecontext will create a different
++ * shadow stack for each context. async_fibre_swapcontext cannot
++ * use _longjmp.
It must call swapcontext to swap shadow stack as
++ * well as normal stack.
++ */
++# define USE_SWAPCONTEXT
++# endif
+ # include
+-# include
++# ifndef USE_SWAPCONTEXT
++# include
++# endif
+
+ typedef struct async_fibre_st {
+ ucontext_t fibre;
++# ifndef USE_SWAPCONTEXT
+ jmp_buf env;
+ int env_init;
++# endif
+ } async_fibre;
+
+ static ossl_inline int async_fibre_swapcontext(async_fibre *o, async_fibre *n, int r)
+ {
++# ifdef USE_SWAPCONTEXT
++ swapcontext(&o->fibre, &n->fibre);
++# else
+ o->env_init = 1;
+
+ if (!r || !_setjmp(o->env)) {
+@@ -44,6 +60,7 @@
+ else
+ setcontext(&n->fibre);
+ }
++# endif
+
+ return 1;
+ }
diff -Nru openssl-1.1.1l/debian/patches/lp-1927161-3-x86-Always-generate-note-gnu-property-section-f.patch openssl-1.1.1l/debian/patches/lp-1927161-3-x86-Always-generate-note-gnu-property-section-f.patch
--- openssl-1.1.1l/debian/patches/lp-1927161-3-x86-Always-generate-note-gnu-property-section-f.patch 1970-01-01 01:00:00.000000000 +0100
+++ openssl-1.1.1l/debian/patches/lp-1927161-3-x86-Always-generate-note-gnu-property-section-f.patch 2021-05-05 01:49:27.000000000 +0200
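Review bot: In the `USE_SWAPCONTEXT` branch of `async_fibre_swapcontext` the result of `swapcontext(&o->fibre, &n->fibre)` is discarded and the function still reaches `return 1`, so a failed context switch is reported as success. A checked form would be `if (swapcontext(&o->fibre, &n->fibre) != 0) return 0;`, assuming callers treat 0 as failure, which the unconditional `return 1` suggests but this patch does not show. The parameter `r` is also unused in this branch, which may trigger unused-parameter warnings on CET builds. The function body spans this hunk and the following `@@ -44,6 +60,7 @@` hunk.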
@@ -0,0 +1,58 @@
+From ace0bfffdf0e6259827c8ef1bef44e8684282479 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu"
+Date: Sat, 14 Dec 2019 09:48:18 -0800
+Subject: x86: Always generate .note.gnu.property section for ELF outputs
+
+We should always generate .note.gnu.property section in x86 assembly
+codes for ELF outputs to mark Intel CET support since all input files
+must be marked with Intel CET support in order for linker to mark output
+with Intel CET support.
+
+Verified with
+
+$ CC="gcc -Wl,-z,cet-report=error" ./Configure shared linux-x86 -fcf-protection
+$ make
+$ make test
+
+Reviewed-by: Richard Levitte
+Reviewed-by: Paul Dale
+(Merged from https://github.com/openssl/openssl/pull/11044)
+
+Origin: backport, https://github.com/openssl/openssl/pull/12272.patch
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1927161
+Last-Update: 2021-05-05
+---
+ crypto/perlasm/x86gas.pl | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+Index: openssl-1.1.1j/crypto/perlasm/x86gas.pl
+===================================================================
+--- openssl-1.1.1j.orig/crypto/perlasm/x86gas.pl 2021-05-05 11:43:57.536366573 +1200
++++ openssl-1.1.1j/crypto/perlasm/x86gas.pl 2021-05-05 11:43:57.532366525 +1200
+@@ -173,6 +173,26 @@
+ else { push (@out,"$tmp\n"); }
+ }
+ push(@out,$initseg) if ($initseg);
++ if ($::elf) {
++ push(@out,"
++ .section \".note.gnu.property\", \"a\"
++ .p2align 2
++ .long 1f - 0f
++ .long 4f - 1f
++ .long 5
++0:
++ .asciz \"GNU\"
++1:
++ .p2align 2
++ .long 0xc0000002
++ .long 3f - 2f
++2:
++ .long 3
++3:
++ .p2align 2
++4:
++");
++ }
+ }
+
+ sub ::data_byte { push(@out,".byte\t".join(',',@_)."\n"); }
diff -Nru openssl-1.1.1l/debian/patches/lp-1927161-4-x86_64-Always-generate-note-gnu-property-sectio.patch openssl-1.1.1l/debian/patches/lp-1927161-4-x86_64-Always-generate-note-gnu-property-sectio.patch
--- openssl-1.1.1l/debian/patches/lp-1927161-4-x86_64-Always-generate-note-gnu-property-sectio.patch 1970-01-01 01:00:00.000000000 +0100
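Review bot: The note pushed in the `if ($::elf)` block of x86gas.pl is written as bare numbers, so nothing in the hunk says what the object is declaring. A short comment above the `push` would make it reviewable: `# NT_GNU_PROPERTY_TYPE_0 note (type 5): GNU_PROPERTY_X86_FEATURE_1_AND (0xc0000002) = IBT|SHSTK (3)`. Because the note is emitted whenever `$::elf` is set, it asserts CET compatibility for the module regardless of build flags, and the comment should say that this relies on every indirect-branch target in the generated assembly carrying `endbranch`. The same constants appear undocumented in the `$cet_property` heredoc added to x86_64-xlate.pl.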
+++ openssl-1.1.1l/debian/patches/lp-1927161-4-x86_64-Always-generate-note-gnu-property-sectio.patch 2021-05-05 01:49:27.000000000 +0200 
@@ -0,0 +1,84 @@
+From 0e7236cb29770ffff17dc9544ccef384334badde Mon Sep 17 00:00:00 2001
+From: "H.J. Lu"
+Date: Fri, 31 Jan 2020 09:13:27 -0800
+Subject: x86_64: Always generate .note.gnu.property section for ELF outputs
+
+We should always generate .note.gnu.property section in x86_64 assembly
+codes for ELF outputs to mark Intel CET support since all input files
+must be marked with Intel CET support in order for linker to mark output
+with Intel CET support. Also .note.gnu.property section in x32 should
+be aligned to 4 bytes, not 8 bytes and .p2align should be used
+consistently.
+
+Verified with
+
+$ CC="gcc -Wl,-z,cet-report=error" ./Configure shared linux-x86_64 -fcf-protection
+$ make
+$ make test
+
+and
+
+$ CC="gcc -mx32 -Wl,-z,cet-report=error" ./Configure shared linux-x32 -fcf-protection
+$ make
+$ make test # <<< 90-test_sslapi.t failed because 8-byte pointer size.
+
+Fix #10896
+
+Reviewed-by: Richard Levitte
+Reviewed-by: Paul Dale
+Reviewed-by: Tomas Mraz
+(Merged from https://github.com/openssl/openssl/pull/10985)
+
+Origin: backport, https://github.com/openssl/openssl/pull/12272.patch
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1927161
+Last-Update: 2021-05-05
+---
+ crypto/perlasm/x86_64-xlate.pl | 28 ++++++++++++++++++++++++++++
+ 1 file changed, 28 insertions(+)
+
+Index: openssl-1.1.1j/crypto/perlasm/x86_64-xlate.pl
+===================================================================
+--- openssl-1.1.1j.orig/crypto/perlasm/x86_64-xlate.pl 2021-05-05 11:44:59.193123035 +1200
++++ openssl-1.1.1j/crypto/perlasm/x86_64-xlate.pl 2021-05-05 11:44:59.189122986 +1200
+@@ -101,6 +101,33 @@
+ $decor="\$L\$";
+ }
+
++my $cet_property;
++if ($flavour =~ /elf/) {
++ # Always generate .note.gnu.property section for ELF outputs to
++ # mark Intel CET support since all input files must be marked
++ # with Intel CET support in order for linker to mark output with
++ # Intel CET support.
++ my $p2align=3; $p2align=2 if ($flavour eq "elf32");
++ $cet_property = <<_____;
++ .section ".note.gnu.property", "a"
++ .p2align $p2align
++ .long 1f - 0f
++ .long 4f - 1f
++ .long 5
++0:
++ .asciz "GNU"
++1:
++ .p2align $p2align
++ .long 0xc0000002
++ .long 3f - 2f
++2:
++ .long 3
++3:
++ .p2align $p2align
++4:
++_____
++}
++
+ my $current_segment;
+ my $current_function;
+ my %globals;
+@@ -1213,6 +1240,7 @@
+ print $line,"\n";
+ }
+
++print "$cet_property" if ($cet_property);
+ print "\n$current_segment\tENDS\n" if ($current_segment && $masm);
+ print "END\n" if ($masm);
+
diff -Nru openssl-1.1.1l/debian/patches/lp-1927161-5-x86_64-Add-endbranch-at-function-entries-for-In.patch openssl-1.1.1l/debian/patches/lp-1927161-5-x86_64-Add-endbranch-at-function-entries-for-In.patch
--- openssl-1.1.1l/debian/patches/lp-1927161-5-x86_64-Add-endbranch-at-function-entries-for-In.patch 1970-01-01 01:00:00.000000000 +0100
+++ openssl-1.1.1l/debian/patches/lp-1927161-5-x86_64-Add-endbranch-at-function-entries-for-In.patch 2021-05-05 01:49:27.000000000 +0200
@@ -0,0 +1,364 @@ +From aa0d12b651ad8ff471d074afe653d70b73ecd0fd Mon Sep 17 00:00:00 2001 +From: "H.J. Lu" +Date: Fri, 31 Jan 2020 04:17:26 -0800 +Subject: x86_64: Add endbranch at function entries for Intel CET + +To support Intel CET, all indirect branch targets must start with +endbranch. Here is a patch to add endbranch to function entries +in x86_64 assembly codes which are indirect branch targets as +discovered by running openssl testsuite on Intel CET machine and +visual inspection. + +Verified with + +$ CC="gcc -Wl,-z,cet-report=error" ./Configure shared linux-x86_64 -fcf-protection +$ make +$ make test + +and + +$ CC="gcc -mx32 -Wl,-z,cet-report=error" ./Configure shared linux-x32 -fcf-protection +$ make +$ make test # <<< passed with https://github.com/openssl/openssl/pull/10988 + +Reviewed-by: Tomas Mraz +Reviewed-by: Richard Levitte +(Merged from https://github.com/openssl/openssl/pull/10982) + +Origin: backport, https://github.com/openssl/openssl/pull/12272.patch +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1927161 +Last-Update: 2021-05-05 +--- + crypto/aes/asm/aesni-x86_64.pl | 11 +++++++++++ + crypto/aes/asm/vpaes-x86_64.pl | 5 +++++ + crypto/camellia/asm/cmll-x86_64.pl | 1 + + crypto/modes/asm/ghash-x86_64.pl | 6 ++++++ + crypto/poly1305/asm/poly1305-x86_64.pl | 2 ++ + crypto/rc4/asm/rc4-x86_64.pl | 3 +++ + crypto/x86_64cpuid.pl | 9 +++++++++ + 7 files changed, 37 insertions(+) + +Index: openssl-1.1.1j/crypto/aes/asm/aesni-x86_64.pl +=================================================================== +--- openssl-1.1.1j.orig/crypto/aes/asm/aesni-x86_64.pl 2021-05-05 11:45:18.417358568 +1200 ++++ openssl-1.1.1j/crypto/aes/asm/aesni-x86_64.pl 2021-05-05 11:45:18.413358519 +1200 +@@ -275,6 +275,7 @@ + .align 16 + ${PREFIX}_encrypt: + .cfi_startproc ++ endbranch + movups ($inp),$inout0 # load input + mov 240($key),$rounds # key->rounds + ___ +@@ -293,6 +294,7 @@ + .align 16 + ${PREFIX}_decrypt: + .cfi_startproc ++ endbranch + movups ($inp),$inout0 # 
load input + mov 240($key),$rounds # key->rounds + ___ +@@ -613,6 +615,7 @@ + .align 16 + aesni_ecb_encrypt: + .cfi_startproc ++ endbranch + ___ + $code.=<<___ if ($win64); + lea -0x58(%rsp),%rsp +@@ -985,6 +988,7 @@ + .align 16 + aesni_ccm64_encrypt_blocks: + .cfi_startproc ++ endbranch + ___ + $code.=<<___ if ($win64); + lea -0x58(%rsp),%rsp +@@ -1077,6 +1081,7 @@ + .align 16 + aesni_ccm64_decrypt_blocks: + .cfi_startproc ++ endbranch + ___ + $code.=<<___ if ($win64); + lea -0x58(%rsp),%rsp +@@ -1203,6 +1208,7 @@ + .align 16 + aesni_ctr32_encrypt_blocks: + .cfi_startproc ++ endbranch + cmp \$1,$len + jne .Lctr32_bulk + +@@ -1775,6 +1781,7 @@ + .align 16 + aesni_xts_encrypt: + .cfi_startproc ++ endbranch + lea (%rsp),%r11 # frame pointer + .cfi_def_cfa_register %r11 + push %rbp +@@ -2258,6 +2265,7 @@ + .align 16 + aesni_xts_decrypt: + .cfi_startproc ++ endbranch + lea (%rsp),%r11 # frame pointer + .cfi_def_cfa_register %r11 + push %rbp +@@ -2783,6 +2791,7 @@ + .align 32 + aesni_ocb_encrypt: + .cfi_startproc ++ endbranch + lea (%rsp),%rax + push %rbx + .cfi_push %rbx +@@ -3249,6 +3258,7 @@ + .align 32 + aesni_ocb_decrypt: + .cfi_startproc ++ endbranch + lea (%rsp),%rax + push %rbx + .cfi_push %rbx +@@ -3737,6 +3747,7 @@ + .align 16 + ${PREFIX}_cbc_encrypt: + .cfi_startproc ++ endbranch + test $len,$len # check length + jz .Lcbc_ret + +Index: openssl-1.1.1j/crypto/aes/asm/vpaes-x86_64.pl +=================================================================== +--- openssl-1.1.1j.orig/crypto/aes/asm/vpaes-x86_64.pl 2021-05-05 11:45:18.417358568 +1200 ++++ openssl-1.1.1j/crypto/aes/asm/vpaes-x86_64.pl 2021-05-05 11:45:18.413358519 +1200 +@@ -696,6 +696,7 @@ + .align 16 + ${PREFIX}_set_encrypt_key: + .cfi_startproc ++ endbranch + ___ + $code.=<<___ if ($win64); + lea -0xb8(%rsp),%rsp +@@ -746,6 +747,7 @@ + .align 16 + ${PREFIX}_set_decrypt_key: + .cfi_startproc ++ endbranch + ___ + $code.=<<___ if ($win64); + lea -0xb8(%rsp),%rsp +@@ -801,6 +803,7 @@ + .align 16 + 
${PREFIX}_encrypt: + .cfi_startproc ++ endbranch + ___ + $code.=<<___ if ($win64); + lea -0xb8(%rsp),%rsp +@@ -846,6 +849,7 @@ + .align 16 + ${PREFIX}_decrypt: + .cfi_startproc ++ endbranch + ___ + $code.=<<___ if ($win64); + lea -0xb8(%rsp),%rsp +@@ -897,6 +901,7 @@ + .align 16 + ${PREFIX}_cbc_encrypt: + .cfi_startproc ++ endbranch + xchg $key,$len + ___ + ($len,$key)=($key,$len); +Index: openssl-1.1.1j/crypto/camellia/asm/cmll-x86_64.pl +=================================================================== +--- openssl-1.1.1j.orig/crypto/camellia/asm/cmll-x86_64.pl 2021-05-05 11:45:18.417358568 +1200 ++++ openssl-1.1.1j/crypto/camellia/asm/cmll-x86_64.pl 2021-05-05 11:45:18.413358519 +1200 +@@ -685,6 +685,7 @@ + .align 16 + Camellia_cbc_encrypt: + .cfi_startproc ++ endbranch + cmp \$0,%rdx + je .Lcbc_abort + push %rbx +Index: openssl-1.1.1j/crypto/modes/asm/ghash-x86_64.pl +=================================================================== +--- openssl-1.1.1j.orig/crypto/modes/asm/ghash-x86_64.pl 2021-05-05 11:45:18.417358568 +1200 ++++ openssl-1.1.1j/crypto/modes/asm/ghash-x86_64.pl 2021-05-05 11:45:18.413358519 +1200 +@@ -239,6 +239,7 @@ + .align 16 + gcm_gmult_4bit: + .cfi_startproc ++ endbranch + push %rbx + .cfi_push %rbx + push %rbp # %rbp and others are pushed exclusively in +@@ -286,6 +287,7 @@ + .align 16 + gcm_ghash_4bit: + .cfi_startproc ++ endbranch + push %rbx + .cfi_push %rbx + push %rbp +@@ -612,6 +614,7 @@ + .align 16 + gcm_gmult_clmul: + .cfi_startproc ++ endbranch + .L_gmult_clmul: + movdqu ($Xip),$Xi + movdqa .Lbswap_mask(%rip),$T3 +@@ -663,6 +666,7 @@ + .align 32 + gcm_ghash_clmul: + .cfi_startproc ++ endbranch + .L_ghash_clmul: + ___ + $code.=<<___ if ($win64); +@@ -1166,6 +1170,7 @@ + .align 32 + gcm_gmult_avx: + .cfi_startproc ++ endbranch + jmp .L_gmult_clmul + .cfi_endproc + .size gcm_gmult_avx,.-gcm_gmult_avx +@@ -1177,6 +1182,7 @@ + .align 32 + gcm_ghash_avx: + .cfi_startproc ++ endbranch + ___ + if ($avx) { + my 
($Xip,$Htbl,$inp,$len)=@_4args; +Index: openssl-1.1.1j/crypto/poly1305/asm/poly1305-x86_64.pl +=================================================================== +--- openssl-1.1.1j.orig/crypto/poly1305/asm/poly1305-x86_64.pl 2021-05-05 11:45:18.417358568 +1200 ++++ openssl-1.1.1j/crypto/poly1305/asm/poly1305-x86_64.pl 2021-05-05 11:45:18.413358519 +1200 +@@ -2806,6 +2806,7 @@ + .align 32 + poly1305_blocks_vpmadd52: + .cfi_startproc ++ endbranch + shr \$4,$len + jz .Lno_data_vpmadd52 # too short + +@@ -3739,6 +3740,7 @@ + .align 32 + poly1305_emit_base2_44: + .cfi_startproc ++ endbranch + mov 0($ctx),%r8 # load hash value + mov 8($ctx),%r9 + mov 16($ctx),%r10 +Index: openssl-1.1.1j/crypto/rc4/asm/rc4-x86_64.pl +=================================================================== +--- openssl-1.1.1j.orig/crypto/rc4/asm/rc4-x86_64.pl 2021-05-05 11:45:18.417358568 +1200 ++++ openssl-1.1.1j/crypto/rc4/asm/rc4-x86_64.pl 2021-05-05 11:45:18.413358519 +1200 +@@ -140,6 +140,7 @@ + .align 16 + RC4: + .cfi_startproc ++ endbranch + or $len,$len + jne .Lentry + ret +@@ -455,6 +456,7 @@ + .align 16 + RC4_set_key: + .cfi_startproc ++ endbranch + lea 8($dat),$dat + lea ($inp,$len),$inp + neg $len +@@ -529,6 +531,7 @@ + .align 16 + RC4_options: + .cfi_startproc ++ endbranch + lea .Lopts(%rip),%rax + mov OPENSSL_ia32cap_P(%rip),%edx + bt \$20,%edx +Index: openssl-1.1.1j/crypto/x86_64cpuid.pl +=================================================================== +--- openssl-1.1.1j.orig/crypto/x86_64cpuid.pl 2021-05-05 11:45:18.417358568 +1200 ++++ openssl-1.1.1j/crypto/x86_64cpuid.pl 2021-05-05 11:45:18.413358519 +1200 +@@ -40,6 +40,7 @@ + .align 16 + OPENSSL_atomic_add: + .cfi_startproc ++ endbranch + movl ($arg1),%eax + .Lspin: leaq ($arg2,%rax),%r8 + .byte 0xf0 # lock +@@ -56,6 +57,7 @@ + .align 16 + OPENSSL_rdtsc: + .cfi_startproc ++ endbranch + rdtsc + shl \$32,%rdx + or %rdx,%rax +@@ -68,6 +70,7 @@ + .align 16 + OPENSSL_ia32_cpuid: + .cfi_startproc ++ endbranch + mov %rbx,%r8 # 
save %rbx + .cfi_register %rbx,%r8 + +@@ -237,6 +240,7 @@ + .align 16 + OPENSSL_cleanse: + .cfi_startproc ++ endbranch + xor %rax,%rax + cmp \$15,$arg2 + jae .Lot +@@ -274,6 +278,7 @@ + .align 16 + CRYPTO_memcmp: + .cfi_startproc ++ endbranch + xor %rax,%rax + xor %r10,%r10 + cmp \$0,$arg3 +@@ -312,6 +317,7 @@ + .align 16 + OPENSSL_wipe_cpu: + .cfi_startproc ++ endbranch + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 +@@ -376,6 +382,7 @@ + .align 16 + OPENSSL_instrument_bus: + .cfi_startproc ++ endbranch + mov $arg1,$out # tribute to Win64 + mov $arg2,$cnt + mov $arg2,$max +@@ -410,6 +417,7 @@ + .align 16 + OPENSSL_instrument_bus2: + .cfi_startproc ++ endbranch + mov $arg1,$out # tribute to Win64 + mov $arg2,$cnt + mov $arg3,$max +@@ -465,6 +473,7 @@ + .align 16 + OPENSSL_ia32_${rdop}_bytes: + .cfi_startproc ++ endbranch + xor %rax, %rax # return value + cmp \$0,$arg2 + je .Ldone_${rdop}_bytes diff -Nru openssl-1.1.1l/debian/patches/pic.patch openssl-1.1.1l/debian/patches/pic.patch --- openssl-1.1.1l/debian/patches/pic.patch 2021-08-24 22:33:59.000000000 +0200 +++ openssl-1.1.1l/debian/patches/pic.patch 2021-09-04 09:59:44.000000000 +0200 @@ -9,10 +9,10 @@ crypto/x86cpuid.pl | 10 +++++----- 4 files changed, 55 insertions(+), 12 deletions(-) -diff --git a/crypto/des/asm/desboth.pl b/crypto/des/asm/desboth.pl -index ef7054e27506..50765d2b1552 100644 ---- a/crypto/des/asm/desboth.pl -+++ b/crypto/des/asm/desboth.pl +Index: openssl-1.1.1f/crypto/des/asm/desboth.pl +=================================================================== +--- openssl-1.1.1f.orig/crypto/des/asm/desboth.pl ++++ openssl-1.1.1f/crypto/des/asm/desboth.pl @@ -23,6 +23,11 @@ sub DES_encrypt3 &push("edi"); 
@@ -50,10 +50,10 @@ &stack_pop(3); &mov($L,&DWP(0,"ebx","",0)); -diff --git a/crypto/perlasm/cbc.pl b/crypto/perlasm/cbc.pl -index 01bafe457d68..c093be5a4fd6 100644 ---- a/crypto/perlasm/cbc.pl -+++ b/crypto/perlasm/cbc.pl +Index: openssl-1.1.1f/crypto/perlasm/cbc.pl +=================================================================== +--- openssl-1.1.1f.orig/crypto/perlasm/cbc.pl ++++ openssl-1.1.1f/crypto/perlasm/cbc.pl @@ -129,7 +129,11 @@ sub cbc &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call &mov(&DWP($data_off+4,"esp","",0), "ebx"); # @@ -67,7 +67,7 @@ &mov("eax", &DWP($data_off,"esp","",0)); &mov("ebx", &DWP($data_off+4,"esp","",0)); -@@ -192,7 +196,11 @@ sub cbc +@@ -199,7 +203,11 @@ sub cbc &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call &mov(&DWP($data_off+4,"esp","",0), "ebx"); # @@ -80,7 +80,7 @@ &mov("eax", &DWP($data_off,"esp","",0)); &mov("ebx", &DWP($data_off+4,"esp","",0)); -@@ -225,7 +233,11 @@ sub cbc +@@ -232,7 +240,11 @@ sub cbc &mov(&DWP($data_off,"esp","",0), "eax"); # put back &mov(&DWP($data_off+4,"esp","",0), "ebx"); # @@ -93,7 +93,7 @@ &mov("eax", &DWP($data_off,"esp","",0)); # get return &mov("ebx", &DWP($data_off+4,"esp","",0)); # -@@ -268,7 +280,11 @@ sub cbc +@@ -275,7 +287,11 @@ sub cbc &mov(&DWP($data_off,"esp","",0), "eax"); # put back &mov(&DWP($data_off+4,"esp","",0), "ebx"); # 
@@ -106,19 +106,19 @@ &mov("eax", &DWP($data_off,"esp","",0)); # get return &mov("ebx", &DWP($data_off+4,"esp","",0)); # -diff --git a/crypto/perlasm/x86gas.pl b/crypto/perlasm/x86gas.pl -index 5c7ea3880e4d..7e49b55e97c7 100644 ---- a/crypto/perlasm/x86gas.pl -+++ b/crypto/perlasm/x86gas.pl -@@ -170,6 +170,7 @@ sub ::file_end +Index: openssl-1.1.1f/crypto/perlasm/x86gas.pl +=================================================================== +--- openssl-1.1.1f.orig/crypto/perlasm/x86gas.pl ++++ openssl-1.1.1f/crypto/perlasm/x86gas.pl +@@ -171,6 +171,7 @@ sub ::file_end if ($::macosx) { push (@out,"$tmp,2\n"); } elsif ($::elf) { push (@out,"$tmp,4\n"); } else { push (@out,"$tmp\n"); } + if ($::elf) { push (@out,".hidden\tOPENSSL_ia32cap_P\n"); } } push(@out,$initseg) if ($initseg); - } -@@ -228,8 +229,23 @@ ___ + if ($::elf) { +@@ -249,8 +250,23 @@ ___ elsif ($::elf) { $initseg.=<<___; .section .init @@ -142,10 +142,10 @@ } elsif ($::coff) { $initseg.=<<___; # applies to both Cygwin and Mingw -diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl -index ba4fd80fb32e..18c124707587 100644 ---- a/crypto/x86cpuid.pl -+++ b/crypto/x86cpuid.pl +Index: openssl-1.1.1f/crypto/x86cpuid.pl +=================================================================== +--- openssl-1.1.1f.orig/crypto/x86cpuid.pl ++++ openssl-1.1.1f/crypto/x86cpuid.pl @@ -18,6 +18,8 @@ open OUT,">$output"; for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } @@ -155,7 +155,7 @@ &function_begin("OPENSSL_ia32_cpuid"); &xor ("edx","edx"); &pushf (); -@@ -163,9 +165,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } +@@ -163,9 +165,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3 &set_label("nocpuid"); &function_end("OPENSSL_ia32_cpuid"); 
@@ -166,7 +166,7 @@ &xor ("eax","eax"); &xor ("edx","edx"); &picmeup("ecx","OPENSSL_ia32cap_P"); -@@ -179,7 +179,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } +@@ -179,7 +179,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3 # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host], # but it's safe to call it on any [supported] 32-bit platform... # Just check for [non-]zero return value... @@ -175,7 +175,7 @@ &picmeup("ecx","OPENSSL_ia32cap_P"); &bt (&DWP(0,"ecx"),4); &jnc (&label("nohalt")); # no TSC -@@ -246,7 +246,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } +@@ -246,7 +246,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3 &ret (); &function_end_B("OPENSSL_far_spin"); diff -Nru openssl-1.1.1l/debian/patches/series openssl-1.1.1l/debian/patches/series --- openssl-1.1.1l/debian/patches/series 2021-08-24 22:33:59.000000000 +0200 +++ openssl-1.1.1l/debian/patches/series 2021-09-04 09:59:56.000000000 +0200 
@@ -1,6 +1,42 @@
+# x86_64 cet hwe
+lp-1927161-1-x86-Add-endbranch-to-indirect-branch-targets-fo.patch
+lp-1927161-2-Use-swapcontext-for-Intel-CET.patch
+lp-1927161-3-x86-Always-generate-note-gnu-property-section-f.patch
+lp-1927161-4-x86_64-Always-generate-note-gnu-property-sectio.patch
+lp-1927161-5-x86_64-Add-endbranch-at-function-entries-for-In.patch
+# s390x hwe
+0001-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
+0002-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch
+0003-s390x-assembly-pack-perlasm-support.patch
+0004-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch
+0005-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch
+0006-s390x-assembly-pack-fix-formal-interface-bug-in-chac.patch
+0007-s390x-assembly-pack-import-chacha-from-cryptogams-re.patch
+0008-s390x-assembly-pack-import-poly-from-cryptogams-repo.patch
+0009-s390x-assembly-pack-allow-alignment-hints-for-vector.patch
+0010-s390x-assembly-pack-update-perlasm-module.patch
+0011-s390x-assembly-pack-remove-chacha20-dependency-on-no.patch
+0012-s390x-assembly-pack-remove-poly1305-dependency-on-no.patch
+0013-fix-strict-warnings-build.patch
+0014-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch
+0015-Place-return-values-after-examples-in-doc.patch
+0016-s390x-assembly-pack-update-OPENSSL_s390xcap-3.patch
+0017-s390xcpuid.pl-fix-comment.patch
+0018-s390x-assembly-pack-accelerate-scalar-multiplication.patch
+0019-Enable-curve-spefific-ECDSA-implementations-via-EC_M.patch
+0020-s390x-assembly-pack-accelerate-ECDSA.patch
+0021-OPENSSL_s390xcap.pod-list-msa9-facility-bit-155.patch
+0022-s390x-assembly-pack-fix-msa3-stfle-bit-detection.patch
+0023-s390x-assembly-pack-fix-OPENSSL_s390xcap-z15-cpu-mas.patch
+0024-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-a.patch
+0025-Add-self-generated-test-vector-for-x448-non-canonica.patch
+# Debian patches
 debian-targets.patch
 man-section.patch
 no-symbolic.patch
 pic.patch
 c_rehash-compat.patch
-Set-systemwide-default-settings-for-libssl-users.patch
+# Remove Set-systemwide-default-settings-for-libssl-users.patch, this is done differently
+# Ubuntu patches
+tests-use-seclevel-1.patch
+tls1.2-min-seclevel2.patch
diff -Nru openssl-1.1.1l/debian/patches/Set-systemwide-default-settings-for-libssl-users.patch openssl-1.1.1l/debian/patches/Set-systemwide-default-settings-for-libssl-users.patch
--- openssl-1.1.1l/debian/patches/Set-systemwide-default-settings-for-libssl-users.patch 2021-08-24 22:33:59.000000000 +0200
+++ openssl-1.1.1l/debian/patches/Set-systemwide-default-settings-for-libssl-users.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,42 +0,0 @@
-From: Sebastian Andrzej Siewior
-Date: Tue, 20 Mar 2018 22:07:30 +0100
-Subject: Set systemwide default settings for libssl users
-
-This config change enforeces a TLS1.2 protocol version as minimum. It
-can be overwritten by the system administrator.
-
-It also changes the default security level from 1 to 2, moving from the 80 bit
-security level to the 112 bit security level.
-
-Signed-off-by: Sebastian Andrzej Siewior
----
- apps/openssl.cnf | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/apps/openssl.cnf b/apps/openssl.cnf
-index 4acca4b0446f..a6fed92a2e75 100644
---- a/apps/openssl.cnf
-+++ b/apps/openssl.cnf
-@@ -15,6 +15,9 @@ HOME = .
- #oid_file = $ENV::HOME/.oid
- oid_section = new_oids
-
-+# System default
-+openssl_conf = default_conf
-+
- # To use this configuration file with the "-extfile" option of the
- # "openssl x509" utility, name here the section containing the
- # X.509v3 extensions to use:
-@@ -348,3 +351,12 @@ ess_cert_id_chain = no # Must the ESS cert id chain be included?
- # (optional, default: no)
- ess_cert_id_alg = sha1 # algorithm to compute certificate
- # identifier (optional, default: sha1)
-+[default_conf]
-+ssl_conf = ssl_sect
-+
-+[ssl_sect]
-+system_default = system_default_sect
-+
-+[system_default_sect]
-+MinProtocol = TLSv1.2
-+CipherString = DEFAULT@SECLEVEL=2
diff -Nru openssl-1.1.1l/debian/patches/tests-use-seclevel-1.patch openssl-1.1.1l/debian/patches/tests-use-seclevel-1.patch
--- openssl-1.1.1l/debian/patches/tests-use-seclevel-1.patch 1970-01-01 01:00:00.000000000 +0100
+++ openssl-1.1.1l/debian/patches/tests-use-seclevel-1.patch 2021-02-23 22:43:42.000000000 +0100
@@ -0,0 +1,253 @@ +Description: Change testsuite to use SECLEVEL 1 by default + By default the testsuite assumes that SECLEVEL is set to 1, and many + tests fail, when one raises security level to 2. Many test certs use + insecure hash algorithms and small key sizes. +Author: Dimitri John Ledkov + +Index: openssl-1.1.1d/test/ssltestlib.c +=================================================================== +--- openssl-1.1.1d.orig/test/ssltestlib.c ++++ openssl-1.1.1d/test/ssltestlib.c +@@ -720,6 +720,11 @@ int create_ssl_ctx_pair(const SSL_METHOD + || (cctx != NULL && !TEST_ptr(clientctx = SSL_CTX_new(cm)))) + goto err; + ++ if (SSL_CTX_get_security_level(serverctx) == 2) ++ SSL_CTX_set_security_level(serverctx, 1); ++ if (clientctx != NULL && SSL_CTX_get_security_level(clientctx) == 2) ++ SSL_CTX_set_security_level(clientctx, 1); ++ + if ((min_proto_version > 0 + && !TEST_true(SSL_CTX_set_min_proto_version(serverctx, + min_proto_version))) +@@ -781,6 +786,11 @@ int create_ssl_objects(SSL_CTX *serverct + else if (!TEST_ptr(clientssl = SSL_new(clientctx))) + goto error; + ++ if (SSL_get_security_level(serverssl) == 2) ++ SSL_set_security_level(serverssl, 1); ++ if (SSL_get_security_level(clientssl) == 2) ++ SSL_set_security_level(clientssl, 1); ++ + if (SSL_is_dtls(clientssl)) { + if (!TEST_ptr(s_to_c_bio = BIO_new(bio_s_mempacket_test())) + || !TEST_ptr(c_to_s_bio = BIO_new(bio_s_mempacket_test()))) +Index: openssl-1.1.1d/test/ssl_test.c +=================================================================== +--- openssl-1.1.1d.orig/test/ssl_test.c ++++ openssl-1.1.1d/test/ssl_test.c +@@ -406,6 +406,7 @@ static int test_handshake(int idx) + #ifndef OPENSSL_NO_DTLS + if (test_ctx->method == SSL_TEST_METHOD_DTLS) { + server_ctx = SSL_CTX_new(DTLS_server_method()); ++ SSL_CTX_set_security_level(server_ctx, 1); + if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, + DTLS_MAX_VERSION))) + goto err; +@@ -413,17 +414,21 @@ static int test_handshake(int idx) + 
SSL_TEST_SERVERNAME_CB_NONE) { + if (!TEST_ptr(server2_ctx = SSL_CTX_new(DTLS_server_method()))) + goto err; ++ SSL_CTX_set_security_level(server2_ctx, 1); + } + client_ctx = SSL_CTX_new(DTLS_client_method()); ++ SSL_CTX_set_security_level(client_ctx, 1); + if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, + DTLS_MAX_VERSION))) + goto err; + if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) { + resume_server_ctx = SSL_CTX_new(DTLS_server_method()); ++ SSL_CTX_set_security_level(resume_server_ctx, 1); + if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, + DTLS_MAX_VERSION))) + goto err; + resume_client_ctx = SSL_CTX_new(DTLS_client_method()); ++ SSL_CTX_set_security_level(resume_client_ctx, 1); + if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, + DTLS_MAX_VERSION))) + goto err; +@@ -435,6 +440,7 @@ static int test_handshake(int idx) + #endif + if (test_ctx->method == SSL_TEST_METHOD_TLS) { + server_ctx = SSL_CTX_new(TLS_server_method()); ++ SSL_CTX_set_security_level(server_ctx, 1); + if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, + TLS_MAX_VERSION))) + goto err; +@@ -443,21 +449,25 @@ static int test_handshake(int idx) + SSL_TEST_SERVERNAME_CB_NONE) { + if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method()))) + goto err; ++ SSL_CTX_set_security_level(server2_ctx, 1); + if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx, + TLS_MAX_VERSION))) + goto err; + } + client_ctx = SSL_CTX_new(TLS_client_method()); ++ SSL_CTX_set_security_level(client_ctx, 1); + if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, + TLS_MAX_VERSION))) + goto err; + + if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) { + resume_server_ctx = SSL_CTX_new(TLS_server_method()); ++ SSL_CTX_set_security_level(resume_server_ctx, 1); + if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, + TLS_MAX_VERSION))) + goto err; + resume_client_ctx = SSL_CTX_new(TLS_client_method()); ++ 
SSL_CTX_set_security_level(resume_client_ctx, 1); + if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, + TLS_MAX_VERSION))) + goto err; +Index: openssl-1.1.1d/test/recipes/70-test_sslmessages.t +=================================================================== +--- openssl-1.1.1d.orig/test/recipes/70-test_sslmessages.t ++++ openssl-1.1.1d/test/recipes/70-test_sslmessages.t +@@ -421,7 +421,7 @@ SKIP: { + $proxy->clear(); + $proxy->clientflags("-no_tls1_3"); + $proxy->serverflags("-no_tls1_3"); +- $proxy->ciphers("ECDHE-RSA-AES128-SHA"); ++ $proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=1"); + $proxy->start(); + checkhandshake($proxy, checkhandshake::EC_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS +Index: openssl-1.1.1d/test/recipes/70-test_sslsigalgs.t +=================================================================== +--- openssl-1.1.1d.orig/test/recipes/70-test_sslsigalgs.t ++++ openssl-1.1.1d/test/recipes/70-test_sslsigalgs.t +@@ -125,7 +125,7 @@ SKIP: { + # should succeed + $proxy->clear(); + $proxy->serverflags("-no_tls1_3"); +- $proxy->ciphers("ECDHE-RSA-AES128-SHA"); ++ $proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=1"); + $proxy->filter(undef); + $proxy->start(); + ok(TLSProxy::Message->success, "TLSv1.3 client TLSv1.2 server"); +@@ -169,7 +169,7 @@ SKIP: { + $proxy->clear(); + $testtype = EMPTY_SIG_ALGS_EXT; + $proxy->clientflags("-no_tls1_3"); +- $proxy->ciphers("ECDHE-RSA-AES128-SHA"); ++ $proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=1"); + $proxy->start(); + ok(TLSProxy::Message->fail, "Empty TLSv1.2 sigalgs"); + +@@ -177,7 +177,7 @@ SKIP: { + $proxy->clear(); + $testtype = NO_KNOWN_SIG_ALGS; + $proxy->clientflags("-no_tls1_3"); +- $proxy->ciphers("ECDHE-RSA-AES128-SHA"); ++ $proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=1"); + $proxy->start(); + ok(TLSProxy::Message->fail, "No known TLSv1.3 sigalgs"); + +@@ -186,7 +186,7 @@ SKIP: { + $proxy->clear(); + $testtype = NO_PSS_SIG_ALGS; + $proxy->clientflags("-no_tls1_3"); +- 
$proxy->ciphers("ECDHE-RSA-AES128-SHA"); ++ $proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=1"); + $proxy->start(); + ok(TLSProxy::Message->success, "No PSS TLSv1.2 sigalgs"); + +@@ -194,7 +194,7 @@ SKIP: { + $proxy->clear(); + $testtype = PSS_ONLY_SIG_ALGS; + $proxy->serverflags("-no_tls1_3"); +- $proxy->ciphers("ECDHE-RSA-AES128-SHA"); ++ $proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=1"); + $proxy->start(); + ok(TLSProxy::Message->success, "PSS only sigalgs in TLSv1.2"); + +@@ -205,7 +205,7 @@ SKIP: { + $proxy->clear(); + $testtype = PSS_ONLY_SIG_ALGS; + $proxy->clientflags("-no_tls1_3 -sigalgs RSA+SHA256"); +- $proxy->ciphers("ECDHE-RSA-AES128-SHA"); ++ $proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=1"); + $proxy->start(); + ok(TLSProxy::Message->fail, "Sigalg we did not send in TLSv1.2"); + +@@ -213,7 +213,7 @@ SKIP: { + # matches the certificate should fail in TLSv1.2 + $proxy->clear(); + $proxy->clientflags("-no_tls1_3 -sigalgs ECDSA+SHA256"); +- $proxy->ciphers("ECDHE-RSA-AES128-SHA"); ++ $proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=1"); + $proxy->filter(undef); + $proxy->start(); + ok(TLSProxy::Message->fail, "No matching TLSv1.2 sigalgs"); +@@ -227,7 +227,7 @@ SKIP: { + "server-ecdsa-cert.pem") . + " -key " . 
srctop_file("test", "certs", + "server-ecdsa-key.pem")), +- $proxy->ciphers("ECDHE-ECDSA-AES128-SHA"); ++ $proxy->ciphers("ECDHE-ECDSA-AES128-SHA:\@SECLEVEL=1"); + $proxy->start(); + ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs, ECDSA"); + } +Index: openssl-1.1.1d/test/recipes/70-test_sslsignature.t +=================================================================== +--- openssl-1.1.1d.orig/test/recipes/70-test_sslsignature.t ++++ openssl-1.1.1d/test/recipes/70-test_sslsignature.t +@@ -101,8 +101,8 @@ SKIP: { + $proxy->clear(); + $testtype = CORRUPT_TLS1_2_SERVER_KEY_EXCHANGE; + $proxy->clientflags("-no_tls1_3"); +- $proxy->cipherc('DHE-RSA-AES128-SHA'); +- $proxy->ciphers('DHE-RSA-AES128-SHA'); ++ $proxy->cipherc('DHE-RSA-AES128-SHA:\@SECLEVEL=1'); ++ $proxy->ciphers('DHE-RSA-AES128-SHA:\@SECLEVEL=1'); + $proxy->start(); + ok(TLSProxy::Message->fail, "Corrupt <=TLSv1.2 ServerKeyExchange"); + } +Index: openssl-1.1.1d/util/perl/TLSProxy/Proxy.pm +=================================================================== +--- openssl-1.1.1d.orig/util/perl/TLSProxy/Proxy.pm ++++ openssl-1.1.1d/util/perl/TLSProxy/Proxy.pm +@@ -97,9 +97,9 @@ sub new + execute => $execute, + cert => $cert, + debug => $debug, +- cipherc => "", ++ cipherc => "DEFAULT:\@SECLEVEL=1", + ciphersuitesc => "", +- ciphers => "AES128-SHA", ++ ciphers => "AES128-SHA:\@SECLEVEL=1", + ciphersuitess => "TLS_AES_128_GCM_SHA256", + flight => -1, + direction => -1, +@@ -145,7 +145,7 @@ sub clearClient + { + my $self = shift; + +- $self->{cipherc} = ""; ++ $self->{cipherc} = "DEFAULT:\@SECLEVEL=1"; + $self->{ciphersuitec} = ""; + $self->{flight} = -1; + $self->{direction} = -1; +@@ -167,7 +167,7 @@ sub clear + my $self = shift; + + $self->clearClient; +- $self->{ciphers} = "AES128-SHA"; ++ $self->{ciphers} = "AES128-SHA:\@SECLEVEL=1"; + $self->{ciphersuitess} = "TLS_AES_128_GCM_SHA256"; + $self->{serverflags} = ""; + $self->{serverconnects} = 1; +Index: openssl-1.1.1d/test/bad_dtls_test.c 
+=================================================================== +--- openssl-1.1.1d.orig/test/bad_dtls_test.c ++++ openssl-1.1.1d/test/bad_dtls_test.c +@@ -472,6 +472,8 @@ static int test_bad_dtls(void) + goto end; + + ctx = SSL_CTX_new(DTLS_client_method()); ++ if (TEST_ptr(ctx)) ++ SSL_CTX_set_security_level(ctx, 1); + if (!TEST_ptr(ctx) + || !TEST_true(SSL_CTX_set_min_proto_version(ctx, DTLS1_BAD_VER)) + || !TEST_true(SSL_CTX_set_max_proto_version(ctx, DTLS1_BAD_VER)) diff -Nru openssl-1.1.1l/debian/patches/tls1.2-min-seclevel2.patch openssl-1.1.1l/debian/patches/tls1.2-min-seclevel2.patch --- openssl-1.1.1l/debian/patches/tls1.2-min-seclevel2.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssl-1.1.1l/debian/patches/tls1.2-min-seclevel2.patch 2021-02-23 22:43:42.000000000 +0100 
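Review bot: In test/recipes/70-test_sslsignature.t the new cipher strings are single-quoted, `'DHE-RSA-AES128-SHA:\@SECLEVEL=1'`, and Perl does not treat `\@` as an escape inside single quotes, so the value keeps a literal backslash. Every other recipe touched by this patch uses double quotes, where `\@` yields a plain `@`. Whether `@SECLEVEL=1` still takes effect in this test then depends on how TLSProxy hands the string to the client and server processes, which is not visible here. Writing `$proxy->cipherc('DHE-RSA-AES128-SHA:@SECLEVEL=1');` and `$proxy->ciphers('DHE-RSA-AES128-SHA:@SECLEVEL=1');` removes the ambiguity.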
@@ -0,0 +1,67 @@
+Description: TLS versions below 1.2 are not permitted as security level 2.
+
+Index: openssl-1.1.1i/ssl/ssl_cert.c
+===================================================================
+--- openssl-1.1.1i.orig/ssl/ssl_cert.c
++++ openssl-1.1.1i/ssl/ssl_cert.c
+@@ -928,18 +928,12 @@ static int ssl_security_default_callback
+ }
+ case SSL_SECOP_VERSION:
+ if (!SSL_IS_DTLS(s)) {
+- /* SSLv3 not allowed at level 2 */
+- if (nid <= SSL3_VERSION && level >= 2)
+- return 0;
+- /* TLS v1.1 and above only for level 3 */
+- if (nid <= TLS1_VERSION && level >= 3)
+- return 0;
+- /* TLS v1.2 only for level 4 and above */
+- if (nid <= TLS1_1_VERSION && level >= 4)
++ /* TLS v1.2 only for level 2 and above */
++ if (nid <= TLS1_1_VERSION && level >= 2)
+ return 0;
+ } else {
+- /* DTLS v1.2 only for level 4 and above */
+- if (DTLS_VERSION_LT(nid, DTLS1_2_VERSION) && level >= 4)
++ /* DTLS v1.2 only for level 2 and above */
++ if (DTLS_VERSION_LT(nid, DTLS1_2_VERSION) && level >= 2)
+ return 0;
+ }
+ break;
+Index: openssl-1.1.1i/doc/man3/SSL_CTX_set_security_level.pod
+===================================================================
+--- openssl-1.1.1i.orig/doc/man3/SSL_CTX_set_security_level.pod
++++ openssl-1.1.1i/doc/man3/SSL_CTX_set_security_level.pod
+@@ -84,22 +84,20 @@ using MD5 for the MAC is also prohibited
+ Security level set to 112 bits of security. As a result RSA, DSA and DH keys
+ shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited.
+ In addition to the level 1 exclusions any cipher suite using RC4 is also
+-prohibited. SSL version 3 is also not allowed. Compression is disabled.
++prohibited. On Ubuntu, TLS versions below 1.2 are not permitted. Compression is disabled.
+
+ =item B
+
+ Security level set to 128 bits of security. As a result RSA, DSA and DH keys
+ shorter than 3072 bits and ECC keys shorter than 256 bits are prohibited.
+ In addition to the level 2 exclusions cipher suites not offering forward
+-secrecy are prohibited. TLS versions below 1.1 are not permitted. Session
+-tickets are disabled.
++secrecy are prohibited. Session tickets are disabled.
+
+ =item B
+
+ Security level set to 192 bits of security. As a result RSA, DSA and
+ DH keys shorter than 7680 bits and ECC keys shorter than 384 bits are
+-prohibited. Cipher suites using SHA1 for the MAC are prohibited. TLS
+-versions below 1.2 are not permitted.
++prohibited. Cipher suites using SHA1 for the MAC are prohibited.
+
+ =item B
+
+@@ -116,6 +114,7 @@ I
+
+ The default security level can be configured when OpenSSL is compiled by
+ setting B<-DOPENSSL_TLS_SECURITY_LEVEL=level>. If not set then 1 is used.
++On Ubuntu, 2 is used.
+
+ The security framework disables or reject parameters inconsistent with the
+ set security level. In the past this was difficult as applications had to set
diff -Nru openssl-1.1.1l/debian/po/ar.po openssl-1.1.1l/debian/po/ar.po
--- openssl-1.1.1l/debian/po/ar.po 2021-06-23 18:54:25.000000000 +0200
+++ openssl-1.1.1l/debian/po/ar.po 2021-09-04 09:59:56.000000000 +0200
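Review bot: The SSL_CTX_set_security_level.pod part of tls1.2-min-seclevel2.patch documents the new level 2 floor for TLS only, while the ssl_cert.c part also moves the DTLS cut-off from level 4 to level 2 (`if (DTLS_VERSION_LT(nid, DTLS1_2_VERSION) && level >= 2)`), so DTLS versions below 1.2 are refused at the Ubuntu default level without the man page saying so. I would word the level 2 sentence as `On Ubuntu, TLS and DTLS versions below 1.2 are not permitted.` The level 3 paragraph still refers back to the level 2 exclusions, but the visible level 4 paragraph has no such back-reference and loses its only protocol-version sentence; a short `The level 2 protocol version restrictions also apply.` there would keep it self-contained. The patch header carries only a `Description:` line; adding `Author:` and `Forwarded:` fields would record that this is a distribution-specific change to the meaning of the security levels.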
@@ -87,3 +87,22 @@ msgstr "" "يجب أن تقوم بتشغيل هذه الخدمات يدوياً بتفيذ الأمر '/etc/init.d/ " "start'." + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" diff -Nru openssl-1.1.1l/debian/po/ca.po openssl-1.1.1l/debian/po/ca.po --- openssl-1.1.1l/debian/po/ca.po 2021-06-23 18:54:25.000000000 +0200 +++ openssl-1.1.1l/debian/po/ca.po 2021-09-04 09:59:56.000000000 +0200 
@@ -94,5 +94,24 @@ "Aquests els haureu d'iniciar manualment executant «/etc/init.d/ " "start»." +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" + #~ msgid "${services}" #~ msgstr "${services}" diff -Nru openssl-1.1.1l/debian/po/cs.po openssl-1.1.1l/debian/po/cs.po --- openssl-1.1.1l/debian/po/cs.po 2021-06-23 18:54:25.000000000 +0200 +++ openssl-1.1.1l/debian/po/cs.po 2021-09-04 09:59:56.000000000 +0200 
@@ -92,3 +92,28 @@ "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "Budete je muset spustit ručně příkazem „/etc/init.d/ start“." + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "Restartovat služby při aktualizaci balíku bez ptaní?" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"V systému jsou nainstalovány služby, které je nutno při aktualizaci určitých " +"knihoven (libpam, libc nebo libssl) restartovat. Během restartu služeb jsou " +"tyto po nějakou dobu nedostupné. Abychom předešli nechtěné nedostupnosti, je " +"při každé aktualizaci nabídnut seznam služeb, které se mají restartovat. " +"Povolíte-li tuto možnost, budou se všechny potřebné služby restartovat při " +"aktualizaci knihoven automaticky bez ptaní." diff -Nru openssl-1.1.1l/debian/po/da.po openssl-1.1.1l/debian/po/da.po --- openssl-1.1.1l/debian/po/da.po 2021-06-23 18:54:25.000000000 +0200 +++ openssl-1.1.1l/debian/po/da.po 2021-09-04 09:59:56.000000000 +0200 
@@ -91,3 +91,29 @@ "start'." msgstr "" "Du skal genstarte disse manuelt ved at køre '/etc/init.d/ start'." + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "Genstart tjenester under pakkeopgraderinger uden at spørge?" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Der er tjenester installeret på dit system, som kræver at blive genstartet " +"når bestemte biblioteker, såsom libpam, libc og libssl, opgraderes. Da disse " +"genstarter kan medføre forstyrrelse af systemets tjenester, vil du normalt " +"blive spurgt ved hver opgradering om listen over tjenester, du ønsker at " +"genstarte. Du kan vælge denne indstilling for at undgå at blive spurgt; i " +"stedet for vil alle nødvendige genstarter blive udført automatisk, så du kan " +"undgå spørgsmål ved hver biblioteksopgradering." diff -Nru openssl-1.1.1l/debian/po/de.po openssl-1.1.1l/debian/po/de.po --- openssl-1.1.1l/debian/po/de.po 2021-06-23 18:54:25.000000000 +0200 +++ openssl-1.1.1l/debian/po/de.po 2021-09-04 09:59:56.000000000 +0200 
@@ -90,3 +90,30 @@ msgstr "" "Sie werden sie manuell durch Aufruf von »/etc/init.d/ start« starten " "müssen." + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "Dienste bei Paket-Upgrades ohne Rückfrage neu starten?" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Auf Ihrem System sind Dienste installiert, die beim Upgrade bestimmter " +"Bibliotheken, wie Libpam, Libc und Libssl, neu gestartet werden müssen. Da " +"diese Neustarts zu Unterbrechungen der Dienste für dieses System führen " +"können, werden Sie normalerweise bei jedem Upgrade über die Liste der neu zu " +"startenden Dienste befragt. Sie können diese Option wählen, um diese Abfrage " +"zu vermeiden; stattdessen werden alle notwendigen Dienste-Neustarts für Sie " +"automatisch vorgenommen und die Beantwortung dieser Fragen bei jedem Upgrade " +"von Bibliotheken vermieden." diff -Nru openssl-1.1.1l/debian/po/el.po openssl-1.1.1l/debian/po/el.po --- openssl-1.1.1l/debian/po/el.po 1970-01-01 01:00:00.000000000 +0100 +++ openssl-1.1.1l/debian/po/el.po 2021-02-23 22:43:42.000000000 +0100 
@@ -0,0 +1,115 @@ +# translation of el.po to Greek +# translation of templates.po to Greek +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# Konstantinos Margaritis , 2004. +# Vangelis Skarmoutsos , 2017. +# +msgid "" +msgstr "" +"Project-Id-Version: el\n" +"Report-Msgid-Bugs-To: openssl@packages.debian.org\n" +"POT-Creation-Date: 2019-06-20 17:58+0100\n" +"PO-Revision-Date: 2017-07-06 21:00+0300\n" +"Last-Translator: Vangelis Skarmoutsos \n" +"Language-Team: Greek \n" +"Language: el\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 2.0.2\n" + +#. Type: string +#. Description +#: ../libssl1.1.templates:1001 +msgid "Services to restart to make them use the new libraries:" +msgstr "" + +#. Type: string +#. Description +#: ../libssl1.1.templates:1001 +msgid "" +"This release of OpenSSL fixes some security issues. Services will not use " +"these fixes until they are restarted. Please note that restarting the SSH " +"server (sshd) should not affect any existing connections." +msgstr "" + +#. Type: string +#. Description +#: ../libssl1.1.templates:1001 +msgid "" +"Please check the list of detected services that need to be restarted and " +"correct it, if needed. The services names must be identical to the " +"initialization script names in /etc/init.d and separated by spaces. No " +"services will be restarted if the list is empty." +msgstr "" + +#. Type: string +#. 
Description +#: ../libssl1.1.templates:1001 +msgid "" +"Any service that later fails unexpectedly after this upgrade should be " +"restarted. It is recommended to reboot this host to avoid any SSL-related " +"trouble." +msgstr "" + +#. Type: error +#. Description +#: ../libssl1.1.templates:2001 +msgid "Failure restarting some services for OpenSSL upgrade" +msgstr "" + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph containing +#. a list of services that could not be restarted +#: ../libssl1.1.templates:2001 +msgid "" +"The following services could not be restarted for the OpenSSL library " +"upgrade:" +msgstr "" + +#. Type: error +#. Description +#: ../libssl1.1.templates:2001 +msgid "" +"You will need to start these manually by running '/etc/init.d/ " +"start'." +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" +"Επανεκκίνηση υπηρεσιών, κατά την διάρκεια αναβάθμισης πακέτων, χωρίς να " +"γίνει ερώτηση;" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Αυτές είναι εγκατεστημένες υπηρεσίες στο σύστημα σας, που χρειάζεται να " +"επανεκκινηθούν, όταν αναβαθμίζονται συγκεκριμένες βιβλιοθήκες, όπως οι " +"libpam, libc και libssl. 
Καθώς αυτές οι επανεκκινήσεις μπορούν να " +"προκαλέσουν διακοπές των υπηρεσιών του συστήματος, φυσιολογικά θα ερωτηθείτε " +"σε κάθε αναβάθμιση για την λίστα των υπηρεσιών που επιθυμείτε να " +"επανεκκινήσετε. Μπορείτε να διαλέξετε αυτή την επιλογή για να αποφύγετε να " +"ερωτηθείτε και έτσι όλες οι απαραίτητες επανεκκινήσεις θα γίνουν αυτόματα " +"ώστε να αποφύγετε τις ερωτήσεις για κάθε αναβάθμιση βιβλιοθήκης." diff -Nru openssl-1.1.1l/debian/po/es.po openssl-1.1.1l/debian/po/es.po --- openssl-1.1.1l/debian/po/es.po 2021-06-23 18:54:25.000000000 +0200 +++ openssl-1.1.1l/debian/po/es.po 2021-09-04 09:59:56.000000000 +0200 
@@ -120,5 +120,34 @@ "Tendrá que iniciarlos manualmente ejecutando « /etc/init.d/ start " "»." +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" +"¿Quiere que los servicios se actualicen durante una actualización de paquete " +"sin solicitar confirmación?" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Hay algunos servicios instalados en el sistema que requieren reiniciarse al " +"actualizar paquetes como libpam, libc, y libssl. Ya que reiniciar estos " +"servicios puede provocar una interrupción de servicio del sistema, " +"habitualmente se le solicitará en cada actualización una lista de los " +"servicios que desea reiniciar. Puede seleccionar esta opción para impedir " +"que se le solicite esta información; en su lugar, cada reinicio de servicio " +"se hará de forma automática de forma que evitará que se le planteen " +"preguntas cada vez que se actualice una biblioteca." + #~ msgid "${services}" #~ msgstr "${services}" diff -Nru openssl-1.1.1l/debian/po/eu.po openssl-1.1.1l/debian/po/eu.po --- openssl-1.1.1l/debian/po/eu.po 2021-06-23 18:54:25.000000000 +0200 +++ openssl-1.1.1l/debian/po/eu.po 2021-09-04 09:59:56.000000000 +0200 
@@ -91,5 +91,24 @@ msgstr "" "Eskuz berrabiarazi beharko dituzu '/etc/ init.d/ start' eginez." +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" + #~ msgid "${services}" #~ msgstr "${services}" diff -Nru openssl-1.1.1l/debian/po/fi.po openssl-1.1.1l/debian/po/fi.po --- openssl-1.1.1l/debian/po/fi.po 2021-06-23 18:54:25.000000000 +0200 +++ openssl-1.1.1l/debian/po/fi.po 2021-09-04 09:59:56.000000000 +0200 
@@ -89,5 +89,33 @@ msgstr "" "Nämä tarvitsee käynnistää käsin ajamalla ”/etc/init.d/ start”." +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" +"Käynnistetäänkö palvelut kysymättä uudelleen pakettien päivityksen " +"yhteydessä?" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Järjestelmässäsi on asennettuna palveluita, jotka tulee käynnistää uudelleen " +"päivitettäessä tiettyjä ohjelmakirjastoja, kuten libpam, libc ja libssl. " +"Koska palveluiden uudelleenkäynnistys saattaa aiheuttaa katkoja palveluihin, " +"kunkin päivityksen yhteydessä yleensä kysytään luetteloa käynnistettävistä " +"palveluista. Voit valita tämän vaihtoehdon, jos et halua nähdä kysymystä " +"jokaisen kirjastopäivityksen yhteydessä. Tällöin tarvittavat palvelut " +"käynnistetään uudelleen automaattisesti." + #~ msgid "${services}" #~ msgstr "${services}" diff -Nru openssl-1.1.1l/debian/po/fr.po openssl-1.1.1l/debian/po/fr.po --- openssl-1.1.1l/debian/po/fr.po 2021-06-23 18:54:25.000000000 +0200 +++ openssl-1.1.1l/debian/po/fr.po 2021-09-04 09:59:56.000000000 +0200 
@@ -96,5 +96,33 @@ "Vous devrez les redémarrer vous-même avec la commande « /etc/init.d/" " start »." +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" +"Redémarrer inconditionnellement les services lors des mises à niveau de " +"paquets ?" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Certains services installés sur le système doivent être redémarrés lorsque " +"certaines bibliothèques, comme libpam, libc ou libssl, sont mises à niveau. " +"Comme ces redémarrages peuvent conduire à une interruption du service, le " +"choix de les redémarrer ou non est en général offert lors de ces mises à " +"niveau. Vous pouvez choisir ici que ce choix ne soit plus offert et que les " +"redémarrages aient lieu systématiquement lors des mises à niveau de " +"bibliothèques." + #~ msgid "${services}" #~ msgstr "${services}" diff -Nru openssl-1.1.1l/debian/po/gl.po openssl-1.1.1l/debian/po/gl.po --- openssl-1.1.1l/debian/po/gl.po 2021-06-23 18:54:25.000000000 +0200 +++ openssl-1.1.1l/debian/po/gl.po 2021-09-04 09:59:56.000000000 +0200 
@@ -87,3 +87,22 @@ msgstr "" "Ha ter que reinicialos manualmente executando \"/etc/init.d/ start" "\"." + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" diff -Nru openssl-1.1.1l/debian/po/hu.po openssl-1.1.1l/debian/po/hu.po --- openssl-1.1.1l/debian/po/hu.po 1970-01-01 01:00:00.000000000 +0100 +++ openssl-1.1.1l/debian/po/hu.po 2021-02-23 22:43:42.000000000 +0100 
@@ -0,0 +1,101 @@ +# SZERVÁC Attila , +# Dr. Nagy Elemér Károly , 2013. +# +msgid "" +msgstr "" +"Project-Id-Version: glibc\n" +"Report-Msgid-Bugs-To: openssl@packages.debian.org\n" +"POT-Creation-Date: 2019-06-20 17:58+0100\n" +"PO-Revision-Date: 2013-05-14 18:47+0200\n" +"Last-Translator: Dr. Nagy Elemér Károly \n" +"Language-Team: Hungarian \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: UTF-8\n" +"Plural-Forms: ???\n" +"X-Poedit-Language: Hungarian\n" +"X-Poedit-Country: HUNGARY\n" + +#. Type: string +#. Description +#: ../libssl1.1.templates:1001 +msgid "Services to restart to make them use the new libraries:" +msgstr "" + +#. Type: string +#. Description +#: ../libssl1.1.templates:1001 +msgid "" +"This release of OpenSSL fixes some security issues. Services will not use " +"these fixes until they are restarted. Please note that restarting the SSH " +"server (sshd) should not affect any existing connections." +msgstr "" + +#. Type: string +#. Description +#: ../libssl1.1.templates:1001 +msgid "" +"Please check the list of detected services that need to be restarted and " +"correct it, if needed. The services names must be identical to the " +"initialization script names in /etc/init.d and separated by spaces. No " +"services will be restarted if the list is empty." +msgstr "" + +#. Type: string +#. Description +#: ../libssl1.1.templates:1001 +msgid "" +"Any service that later fails unexpectedly after this upgrade should be " +"restarted. It is recommended to reboot this host to avoid any SSL-related " +"trouble." +msgstr "" + +#. Type: error +#. Description +#: ../libssl1.1.templates:2001 +msgid "Failure restarting some services for OpenSSL upgrade" +msgstr "" + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph containing +#. 
a list of services that could not be restarted +#: ../libssl1.1.templates:2001 +msgid "" +"The following services could not be restarted for the OpenSSL library " +"upgrade:" +msgstr "" + +#. Type: error +#. Description +#: ../libssl1.1.templates:2001 +msgid "" +"You will need to start these manually by running '/etc/init.d/ " +"start'." +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "A csomag frissítésekor kérdés nélkül újraindítsam a szolgáltatásokat?" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Ezen a rendszeren olyan szolgáltatások vannak telepítve, amelyeket újra kell " +"indítani, bizonyos könyvtárak (mint a libpam, libc, libssl) frissítésekor. " +"Mivel ezek az újraindítások megszakítják a szolgáltatásokat, alapesetben " +"minden frissítésnél megkérdezi az újraindítandó szolgáltatások listáját a " +"rendszer. Dönthetsz úgy, hogy ne kérdezzen - ilyenkor minden szükséges " +"szolgáltatás-újraindítást elvégez a rendszer és nem kérdezget." diff -Nru openssl-1.1.1l/debian/po/it.po openssl-1.1.1l/debian/po/it.po --- openssl-1.1.1l/debian/po/it.po 2021-06-23 18:54:25.000000000 +0200 +++ openssl-1.1.1l/debian/po/it.po 2021-09-04 09:59:56.000000000 +0200 
@@ -88,3 +88,30 @@ "start'." msgstr "" "È necessario avviarli manualmente con \"/etc/init.d/ start\"." + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "Riavviare i servizi durante l'aggiornamento senza chiedere conferma?" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Sul proprio sistema sono installati dei servizi che devono essere riavviati " +"dopo l'aggiornamento di determinate librerie, quali libpam, libc e libssl. " +"Poiché questi riavvii possono causare delle interruzioni dei servizi offerti " +"dal sistema normalmente, a ogni aggiornamento, viene mostrato l'elenco dei " +"servizi e viene chiesto di confermarne il riavvio. È possibile evitare che " +"sia chiesta la conferma del riavvio accettando questa opzione; saranno " +"effettuati automaticamente tutti i riavvii necessari senza fare domande per " +"ogni aggiornamento della libreria." diff -Nru openssl-1.1.1l/debian/po/ja.po openssl-1.1.1l/debian/po/ja.po --- openssl-1.1.1l/debian/po/ja.po 2021-06-23 18:54:25.000000000 +0200 +++ openssl-1.1.1l/debian/po/ja.po 2021-09-04 09:59:56.000000000 +0200 
@@ -80,3 +80,30 @@ "start'." msgstr "" "開始するには '/etc/init.d/ start' を手動で実行する必要があります。" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" +"パッケージのアップグレード中、質問することなくサービスを再起動しますか?" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"このシステムには、libpam や libc、libssl といった特定のライブラリがアップグ" +"レードされたときに再起動を必要とするサービスがインストールされています。この" +"再起動はそのシステムで動作しているサービスの中断を伴う可能性があるため、通常" +"は再起動させるサービス一覧をアップグレードの度に質問します。このオプションを" +"選択するとその質問を避けられます。代わりに、再起動が必要な場合は全て自動で再" +"起動させるため、ライブラリをアップグレードする度に質問されるのを避けられま" +"す。" diff -Nru openssl-1.1.1l/debian/po/ko.po openssl-1.1.1l/debian/po/ko.po --- openssl-1.1.1l/debian/po/ko.po 2021-06-23 18:54:25.000000000 +0200 +++ openssl-1.1.1l/debian/po/ko.po 2021-09-04 09:59:56.000000000 +0200 
@@ -83,3 +83,22 @@ "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" diff -Nru openssl-1.1.1l/debian/po/lt.po openssl-1.1.1l/debian/po/lt.po --- openssl-1.1.1l/debian/po/lt.po 2021-06-23 18:54:25.000000000 +0200 +++ openssl-1.1.1l/debian/po/lt.po 2021-09-04 09:59:56.000000000 +0200 
@@ -103,3 +103,22 @@ "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" diff -Nru openssl-1.1.1l/debian/po/ml.po openssl-1.1.1l/debian/po/ml.po --- openssl-1.1.1l/debian/po/ml.po 2021-06-23 18:54:25.000000000 +0200 +++ openssl-1.1.1l/debian/po/ml.po 2021-09-04 09:59:56.000000000 +0200 
@@ -85,3 +85,22 @@ "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" diff -Nru openssl-1.1.1l/debian/po/nb.po openssl-1.1.1l/debian/po/nb.po --- openssl-1.1.1l/debian/po/nb.po 2021-06-23 18:54:25.000000000 +0200 +++ openssl-1.1.1l/debian/po/nb.po 2021-09-04 09:59:56.000000000 +0200 @@ -47,8 +47,8 @@ "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" -"Kontroller lista over funne tjenester som trenger omstart. Rett på lista " -"om den er feil. Tjenestenavnene må være lik skript-navnene i /etc/init.d, og " +"Kontroller lista over funne tjenester som trenger omstart. Rett på lista om " +"den er feil. Tjenestenavnene må være lik skript-navnene i /etc/init.d, og " "være atskilt med mellomrom. Hvis du tømmer lista blir ingen tjenester " "omstartet." @@ -62,8 +62,7 @@ msgstr "" "Hvis andre tjenester begynner å svikte på mystisk måte etter denne " "oppgraderingen, så blir det anbefalt at maskinen stoppes og startes for å " -"unngå vansker i " -"forbindelse med SSL." +"unngå vansker i forbindelse med SSL." #. Type: error #. Description 
@@ -80,8 +79,8 @@
 "The following services could not be restarted for the OpenSSL library "
 "upgrade:"
 msgstr ""
-"Følgende tjenester kunne ikke restartes for oppgradering av "
-"OpenSSL-biblioteket:"
+"Følgende tjenester kunne ikke restartes for oppgradering av OpenSSL-"
+"biblioteket:"
 #. Type: error
 #. Description
@@ -91,3 +90,28 @@
 "start'."
 msgstr "Du må starte disse manuelt ved å kjøre «/etc/init.d/ start»."
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid "Restart services during package upgrades without asking?"
+msgstr "Skal tjenester restartes uten spørsmål under pakkeoppgraderinger?"
+
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid ""
+"There are services installed on your system which need to be restarted when "
+"certain libraries, such as libpam, libc, and libssl, are upgraded. Since "
+"these restarts may cause interruptions of service for the system, you will "
+"normally be prompted on each upgrade for the list of services you wish to "
+"restart. You can choose this option to avoid being prompted; instead, all "
+"necessary restarts will be done for you automatically so you can avoid being "
+"asked questions on each library upgrade."
+msgstr ""
+"På systemet ditt finnes det tjenester som må startes på nytt når visse "
+"biblioteker, slik som libpam, libc og libssl, oppgraderes. Slike omstarter "
+"kan avbryte tjenester på systemet, og normalt blir du spurt ved hver "
+"oppgradering om hvilke tjenester du vil starte på nytt. Du kan slå på dette "
+"valget for å slippe å bli spurt, da blir i stedet alle nødvendige omstarter "
+"gjort automatisk slik at du ikke får spørsmål ved hver "
+"biblioteksoppgradering."
diff -Nru openssl-1.1.1l/debian/po/nl.po openssl-1.1.1l/debian/po/nl.po
--- openssl-1.1.1l/debian/po/nl.po 2021-06-23 18:54:25.000000000 +0200
+++ openssl-1.1.1l/debian/po/nl.po 2021-09-04 09:59:56.000000000 +0200
@@ -99,5 +99,32 @@
 "U zult deze handmatig moeten herstarten via het commando '/etc/init.d/"
 " start'."
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid "Restart services during package upgrades without asking?"
+msgstr "Diensten zonder vragen herstarten bij het opwaarderen van pakketten?"
+
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid ""
+"There are services installed on your system which need to be restarted when "
+"certain libraries, such as libpam, libc, and libssl, are upgraded. Since "
+"these restarts may cause interruptions of service for the system, you will "
+"normally be prompted on each upgrade for the list of services you wish to "
+"restart. You can choose this option to avoid being prompted; instead, all "
+"necessary restarts will be done for you automatically so you can avoid being "
+"asked questions on each library upgrade."
+msgstr ""
+"Er zijn diensten op uw systeem geïnstalleerd die moeten worden herstart "
+"wanneer bepaalde bibliotheken, zoals libpam, libc en libssl, worden "
+"opgewaardeerd. Omdat deze herstarts dienstonderbrekingen op uw systeem "
+"kunnen veroorzaken, wordt u normaal gesproken bij elke opwaardering gevraagd "
+"welke diensten u wilt herstarten. Als u voor deze optie kiest wordt dit niet "
+"meer aan u gevraagd. In plaats daarvan worden alle noodzakelijke herstarts "
+"automatisch gedaan zodat u geen vragen krijgt bij elke opwaardering van een "
+"bibliotheek."
+
 #~ msgid "${services}"
 #~ msgstr "${services}"
diff -Nru openssl-1.1.1l/debian/po/pl.po openssl-1.1.1l/debian/po/pl.po
--- openssl-1.1.1l/debian/po/pl.po 2021-06-23 18:54:25.000000000 +0200
+++ openssl-1.1.1l/debian/po/pl.po 2021-09-04 09:59:56.000000000 +0200
@@ -47,8 +47,8 @@
 "initialization script names in /etc/init.d and separated by spaces. No "
 "services will be restarted if the list is empty."
 msgstr ""
-"Proszę sprawdzić listę wykrytych usług, które powinny zostać zrestartowane, i "
-"poprawić ją, jeśli to konieczne. Nazwy usług muszą się zgadzać z nazwami "
+"Proszę sprawdzić listę wykrytych usług, które powinny zostać zrestartowane, "
+"i poprawić ją, jeśli to konieczne. Nazwy usług muszą się zgadzać z nazwami "
 "skryptów startowych w /etc/init.d i muszą być rozdzielone spacjami. Jeśli "
 "lista będzie pusta, żadne usługi nie zostaną zrestartowane."
@@ -60,9 +60,9 @@
 "restarted. It is recommended to reboot this host to avoid any SSL-related "
 "trouble."
 msgstr ""
-"Każda usługa w której wystąpi nieoczekiwany błąd po tej aktualizacji, powinna "
-"zostać zrestartowana. Zaleca się ponowne uruchomienie komputera, co umożliwi "
-"uniknięcie wszystkich problemów związanych z SSL."
+"Każda usługa w której wystąpi nieoczekiwany błąd po tej aktualizacji, "
+"powinna zostać zrestartowana. Zaleca się ponowne uruchomienie komputera, co "
+"umożliwi uniknięcie wszystkich problemów związanych z SSL."
 #. Type: error
 #. Description
@@ -90,7 +90,31 @@
 "You will need to start these manually by running '/etc/init.d/ "
 "start'."
 msgstr ""
-"Należy zrestartować te usługi ręcznie, przez wykonanie \"/etc/init.d/ "
-"start\""
+"Należy zrestartować te usługi ręcznie, przez wykonanie \"/etc/init.d/"
+" start\""
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid "Restart services during package upgrades without asking?"
+msgstr "Zrestartować usługi podczas aktualizacji pakietu bez pytania?"
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid ""
+"There are services installed on your system which need to be restarted when "
+"certain libraries, such as libpam, libc, and libssl, are upgraded. Since "
+"these restarts may cause interruptions of service for the system, you will "
+"normally be prompted on each upgrade for the list of services you wish to "
+"restart. You can choose this option to avoid being prompted; instead, all "
+"necessary restarts will be done for you automatically so you can avoid being "
+"asked questions on each library upgrade."
+msgstr ""
+"Niektóre z zainstalowanych usług wymagają restartu, gdy są aktualizowane "
+"określone biblioteki (np. libpam, libc i libss1). Ponieważ restarty mogą "
+"spowodować przerwanie tych usług, użytkownik jest zwykle pytany podczas "
+"każdej aktualizacji o listę usług, które chce zrestartować. Można wybrać tę "
+"opcję, aby zapobiec takim pytaniom; wtedy wszystkie potrzebne restarty "
+"odbędą się automatycznie, a użytkownik uniknie pytania przy każdej "
+"aktualizacji biblioteki."
diff -Nru openssl-1.1.1l/debian/po/pt_BR.po openssl-1.1.1l/debian/po/pt_BR.po
--- openssl-1.1.1l/debian/po/pt_BR.po 2021-06-23 18:54:25.000000000 +0200
+++ openssl-1.1.1l/debian/po/pt_BR.po 2021-09-04 09:59:56.000000000 +0200
@@ -102,3 +102,30 @@
 msgstr ""
 "Você terá que iniciá-los manualmente executando '/etc/init.d/ "
 "start'."
+
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid "Restart services during package upgrades without asking?"
+msgstr "Reiniciar serviços durante a atualização de pacotes sem perguntar?"
+
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid ""
+"There are services installed on your system which need to be restarted when "
+"certain libraries, such as libpam, libc, and libssl, are upgraded. Since "
+"these restarts may cause interruptions of service for the system, you will "
+"normally be prompted on each upgrade for the list of services you wish to "
+"restart. You can choose this option to avoid being prompted; instead, all "
+"necessary restarts will be done for you automatically so you can avoid being "
+"asked questions on each library upgrade."
+msgstr ""
+"Existem serviços instalados no seu sistema que precisam ser reiniciados "
+"quando determinadas bibliotecas, tais como libpam, libc e libssl são "
+"atualizadas. Uma vez que essas reinicializações podem causar interrupções de "
+"serviços para o sistema, normalmente você terá que responder a cada "
+"atualização qual será a lista de serviços que quiser reiniciar. Você pode "
+"escolher esta opção para evitar novas solicitações; ao invés disso, todas as "
+"reinicializações necessárias serão realizadas automaticamente, para evitar "
+"que você responda a cada atualização de biblioteca."
diff -Nru openssl-1.1.1l/debian/po/pt.po openssl-1.1.1l/debian/po/pt.po
--- openssl-1.1.1l/debian/po/pt.po 2021-06-23 18:54:25.000000000 +0200
+++ openssl-1.1.1l/debian/po/pt.po 2021-09-04 09:59:56.000000000 +0200
@@ -87,3 +87,29 @@
 "start'."
 msgstr ""
 "Terá que iniciá-los manualmente correndo '/etc/init.d/ start'."
+
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid "Restart services during package upgrades without asking?"
+msgstr "Reiniciar serviços sem perguntar durante a actualização do pacote?"
+
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid ""
+"There are services installed on your system which need to be restarted when "
+"certain libraries, such as libpam, libc, and libssl, are upgraded. Since "
+"these restarts may cause interruptions of service for the system, you will "
+"normally be prompted on each upgrade for the list of services you wish to "
+"restart. You can choose this option to avoid being prompted; instead, all "
+"necessary restarts will be done for you automatically so you can avoid being "
+"asked questions on each library upgrade."
+msgstr ""
+"Há serviços instalados no seu sistema que necessitam de ser reiniciados "
+"quando são actualizadas certas bibliotecas, como libpam, libc e libssl. Uma "
+"vez que estes reinícios podem causar interrupção de serviços no sistema, é-"
+"lhe normalmente perguntado em cada actualização que serviços deseja "
+"reiniciar. Pode escolher esta opção para que os reinícios necessários sejam "
+"automaticamente tratados pelo processo de actualização em vez de lhe serem "
+"colocadas questões."
diff -Nru openssl-1.1.1l/debian/po/ro.po openssl-1.1.1l/debian/po/ro.po
--- openssl-1.1.1l/debian/po/ro.po 2021-06-23 18:54:25.000000000 +0200
+++ openssl-1.1.1l/debian/po/ro.po 2021-09-04 09:59:56.000000000 +0200
@@ -94,3 +94,22 @@
 msgstr ""
 "Va trebui să le porniți manual cu o comandă de tipul „/etc/init.d/ "
 "start'."
+
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid "Restart services during package upgrades without asking?"
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid ""
+"There are services installed on your system which need to be restarted when "
+"certain libraries, such as libpam, libc, and libssl, are upgraded. Since "
+"these restarts may cause interruptions of service for the system, you will "
+"normally be prompted on each upgrade for the list of services you wish to "
+"restart. You can choose this option to avoid being prompted; instead, all "
+"necessary restarts will be done for you automatically so you can avoid being "
+"asked questions on each library upgrade."
+msgstr ""
diff -Nru openssl-1.1.1l/debian/po/ru.po openssl-1.1.1l/debian/po/ru.po
--- openssl-1.1.1l/debian/po/ru.po 2021-06-23 18:54:25.000000000 +0200
+++ openssl-1.1.1l/debian/po/ru.po 2021-09-04 09:59:56.000000000 +0200
@@ -92,3 +92,28 @@
 msgstr ""
 "Вам нужно будет перезапустить их вручную с помощью команд '/etc/init.d/"
 "<служба> start'."
+
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid "Restart services during package upgrades without asking?"
+msgstr "Перезапускать службы при обновлении пакета без подтверждения?"
+
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid ""
+"There are services installed on your system which need to be restarted when "
+"certain libraries, such as libpam, libc, and libssl, are upgraded. Since "
+"these restarts may cause interruptions of service for the system, you will "
+"normally be prompted on each upgrade for the list of services you wish to "
+"restart. You can choose this option to avoid being prompted; instead, all "
+"necessary restarts will be done for you automatically so you can avoid being "
+"asked questions on each library upgrade."
+msgstr ""
+"В системе установлены службы, которые требуют перезапуска после обновления "
+"определённых библиотек (например, libpam, libc и libssl). Так как это может "
+"вызвать перерыв в работе службы, то обычно при каждом обновлении "
+"запрашивается подтверждение списка служб, которые нужно перезапустить. Чтобы "
+"этот вопрос не задавался, вы можете ответить утвердительно; в этом случае "
+"все необходимые службы будут перезапущены автоматически."
diff -Nru openssl-1.1.1l/debian/po/sk.po openssl-1.1.1l/debian/po/sk.po
--- openssl-1.1.1l/debian/po/sk.po 2021-06-23 18:54:25.000000000 +0200
+++ openssl-1.1.1l/debian/po/sk.po 2021-09-04 09:59:56.000000000 +0200
@@ -84,3 +84,30 @@
 "start'."
 msgstr ""
 "Budete ich musieť reštartovať ručne spustením „/etc/init.d/ start“."
+
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid "Restart services during package upgrades without asking?"
+msgstr "Reštartovať služby počas aktualizácie balíka bez pýtania sa?"
+
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid ""
+"There are services installed on your system which need to be restarted when "
+"certain libraries, such as libpam, libc, and libssl, are upgraded. Since "
+"these restarts may cause interruptions of service for the system, you will "
+"normally be prompted on each upgrade for the list of services you wish to "
+"restart. You can choose this option to avoid being prompted; instead, all "
+"necessary restarts will be done for you automatically so you can avoid being "
+"asked questions on each library upgrade."
+msgstr ""
+"Na vašom systéme sú nainštalované služby, ktoré je potrebné reštartovať pri "
+"aktualizácii určitých knižníc ako libpam, libc, a libssl. Keďže tieto "
+"reštarty môžu spôsobiť prerušenie služby systému, za bežných okolností sa "
+"vám systém správy balíkov pri každej aktualizácii ponúkne zoznam služieb, "
+"ktoré chcete reštartovať. Môžete zvoliť, aby sa vás systém správy balíkov už "
+"viac nepýtal, ale aby sa namiesto toho všetky potrebné reštarty vykonávali "
+"automaticky, takže sa vyhnete kladeniu otázok pri každej aktualizácii "
+"knižnice."
diff -Nru openssl-1.1.1l/debian/po/sv.po openssl-1.1.1l/debian/po/sv.po
--- openssl-1.1.1l/debian/po/sv.po 2021-06-23 18:54:25.000000000 +0200
+++ openssl-1.1.1l/debian/po/sv.po 2021-09-04 09:59:56.000000000 +0200
@@ -97,3 +97,30 @@
 msgstr ""
 "Du mste starta om dessa tjnster manuellt genom att kra '/etc/init.d/"
 " start'"
+
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid "Restart services during package upgrades without asking?"
+msgstr ""
+"Ska tjänster startas om vid paketuppgraderingar utan att först fråga?"
+
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid ""
+"There are services installed on your system which need to be restarted when "
+"certain libraries, such as libpam, libc, and libssl, are upgraded. Since "
+"these restarts may cause interruptions of service for the system, you will "
+"normally be prompted on each upgrade for the list of services you wish to "
+"restart. You can choose this option to avoid being prompted; instead, all "
+"necessary restarts will be done for you automatically so you can avoid being "
+"asked questions on each library upgrade."
+msgstr ""
+"Det finns tjänster installerade på systemet som behöver startas om när "
+"vissa bibliotek, exempelvis libpam, libc och libssl, uppgraderas. Eftersom "
+"dessa omstarter kan orsaka avbrott i tjänsten ställs normalt en fråga vid "
+"varje uppgradering där en lista med tjänster som ska startas om "
+"presenteras. Du kan välja att aktivera detta alternativ för att undvika "
+"att frågan ställs. Istället kommer alla nödvändiga omstarter att göras "
+"automatiskt."
diff -Nru openssl-1.1.1l/debian/po/ta.po openssl-1.1.1l/debian/po/ta.po
--- openssl-1.1.1l/debian/po/ta.po 1970-01-01 01:00:00.000000000 +0100
+++ openssl-1.1.1l/debian/po/ta.po 2021-02-23 22:43:42.000000000 +0100
@@ -0,0 +1,95 @@
+# translation of glibc.po to TAMIL
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+#
+# Dr.T.Vasudevan , 2007.
+msgid ""
+msgstr ""
+"Project-Id-Version: glibc\n"
+"Report-Msgid-Bugs-To: openssl@packages.debian.org\n"
+"POT-Creation-Date: 2019-06-20 17:58+0100\n"
+"PO-Revision-Date: 2007-04-24 19:42+0530\n"
+"Last-Translator: Dr.T.Vasudevan \n"
+"Language-Team: TAMIL \n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.4\n"
+
+#. Type: string
+#. Description
+#: ../libssl1.1.templates:1001
+msgid "Services to restart to make them use the new libraries:"
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../libssl1.1.templates:1001
+msgid ""
+"This release of OpenSSL fixes some security issues. Services will not use "
+"these fixes until they are restarted. Please note that restarting the SSH "
+"server (sshd) should not affect any existing connections."
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../libssl1.1.templates:1001
+msgid ""
+"Please check the list of detected services that need to be restarted and "
+"correct it, if needed. The services names must be identical to the "
+"initialization script names in /etc/init.d and separated by spaces. No "
+"services will be restarted if the list is empty."
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../libssl1.1.templates:1001
+msgid ""
+"Any service that later fails unexpectedly after this upgrade should be "
+"restarted. It is recommended to reboot this host to avoid any SSL-related "
+"trouble."
+msgstr ""
+
+#. Type: error
+#. Description
+#: ../libssl1.1.templates:2001
+msgid "Failure restarting some services for OpenSSL upgrade"
+msgstr ""
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph containing
+#. 
a list of services that could not be restarted
+#: ../libssl1.1.templates:2001
+msgid ""
+"The following services could not be restarted for the OpenSSL library "
+"upgrade:"
+msgstr ""
+
+#. Type: error
+#. Description
+#: ../libssl1.1.templates:2001
+msgid ""
+"You will need to start these manually by running '/etc/init.d/ "
+"start'."
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid "Restart services during package upgrades without asking?"
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid ""
+"There are services installed on your system which need to be restarted when "
+"certain libraries, such as libpam, libc, and libssl, are upgraded. Since "
+"these restarts may cause interruptions of service for the system, you will "
+"normally be prompted on each upgrade for the list of services you wish to "
+"restart. You can choose this option to avoid being prompted; instead, all "
+"necessary restarts will be done for you automatically so you can avoid being "
+"asked questions on each library upgrade."
+msgstr ""
diff -Nru openssl-1.1.1l/debian/po/templates.pot openssl-1.1.1l/debian/po/templates.pot
--- openssl-1.1.1l/debian/po/templates.pot 2021-06-23 18:54:25.000000000 +0200
+++ openssl-1.1.1l/debian/po/templates.pot 2021-09-04 09:59:44.000000000 +0200
@@ -74,3 +74,22 @@
 "You will need to start these manually by running '/etc/init.d/ "
 "start'."
 msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid "Restart services during package upgrades without asking?"
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid ""
+"There are services installed on your system which need to be restarted when "
+"certain libraries, such as libpam, libc, and libssl, are upgraded. Since "
+"these restarts may cause interruptions of service for the system, you will "
+"normally be prompted on each upgrade for the list of services you wish to "
+"restart. You can choose this option to avoid being prompted; instead, all "
+"necessary restarts will be done for you automatically so you can avoid being "
+"asked questions on each library upgrade."
+msgstr ""
diff -Nru openssl-1.1.1l/debian/po/tr.po openssl-1.1.1l/debian/po/tr.po
--- openssl-1.1.1l/debian/po/tr.po 2021-06-23 18:54:25.000000000 +0200
+++ openssl-1.1.1l/debian/po/tr.po 2021-09-04 09:59:56.000000000 +0200
@@ -25,20 +25,40 @@
 #. Type: string
 #. Description
 #: ../libssl1.0.0.templates:1001
-msgid "This release of OpenSSL fixes some security issues. Services will not use these fixes until they are restarted. Please note that restarting the SSH server (sshd) should not affect any existing connections."
-msgstr "OpenSSL paketinin bu sürümü bazı güvenlik sorunlarını düzeltmiştir. Hizmetler yeniden başlatılmadıkça bu düzeltmeleri kullanamayacaklar. SSH sunucusunun (sshd) yeniden başlatılması kurulu bağlantıları etkilemeyecektir."
+msgid ""
+"This release of OpenSSL fixes some security issues. Services will not use "
+"these fixes until they are restarted. Please note that restarting the SSH "
+"server (sshd) should not affect any existing connections."
+msgstr ""
+"OpenSSL paketinin bu sürümü bazı güvenlik sorunlarını düzeltmiştir. "
+"Hizmetler yeniden başlatılmadıkça bu düzeltmeleri kullanamayacaklar. SSH "
+"sunucusunun (sshd) yeniden başlatılması kurulu bağlantıları etkilemeyecektir."
 #. Type: string
 #. Description
 #: ../libssl1.0.0.templates:1001
-msgid "Please check the list of detected services that need to be restarted and correct it, if needed. The services names must be identical to the initialization script names in /etc/init.d and separated by spaces. No services will be restarted if the list is empty."
-msgstr "Yeniden başlatılması gerektiği algılanan hizmetleri gözden geçiriniz ve gerekirse düzeltiniz. Hizmetlerin adları boşluklarla ayrılmalı ve /etc/init.d dizinindeki başlatma betikleri ile özdeş olmalıdır. Bu liste boş ise hiçbir hizmetin yeniden başlatılmasına gerek yoktur."
+msgid ""
+"Please check the list of detected services that need to be restarted and "
+"correct it, if needed. The services names must be identical to the "
+"initialization script names in /etc/init.d and separated by spaces. No "
+"services will be restarted if the list is empty."
+msgstr ""
+"Yeniden başlatılması gerektiği algılanan hizmetleri gözden geçiriniz ve "
+"gerekirse düzeltiniz. Hizmetlerin adları boşluklarla ayrılmalı ve /etc/init."
+"d dizinindeki başlatma betikleri ile özdeş olmalıdır. Bu liste boş ise "
+"hiçbir hizmetin yeniden başlatılmasına gerek yoktur."
 #. Type: string
 #. Description
 #: ../libssl1.0.0.templates:1001
-msgid "Any service that later fails unexpectedly after this upgrade should be restarted. It is recommended to reboot this host to avoid any SSL-related trouble."
-msgstr "Bu yükseltmeden sonra beklenmedik bir şekilde duran herhangi bir hizmet yeniden başlatılmalıdır. SSL ile bağlantılı bir sorun yaşamamak için en doğrusu bu sunucunun yeniden başlatılmasıdır."
+msgid ""
+"Any service that later fails unexpectedly after this upgrade should be "
+"restarted. It is recommended to reboot this host to avoid any SSL-related "
+"trouble."
+msgstr ""
+"Bu yükseltmeden sonra beklenmedik bir şekilde duran herhangi bir hizmet "
+"yeniden başlatılmalıdır. SSL ile bağlantılı bir sorun yaşamamak için en "
+"doğrusu bu sunucunun yeniden başlatılmasıdır."
 #. Type: error
 #. Description
@@ -51,12 +71,48 @@
 #. This paragraph is followed by a (non translatable) paragraph containing
 #. a list of services that could not be restarted
 #: ../libssl1.0.0.templates:2001
-msgid "The following services could not be restarted for the OpenSSL library upgrade:"
-msgstr "Aşağıdaki hizmetler OpenSSL kitaplıkları yükseltilirken yeniden başlatılamadı:"
+msgid ""
+"The following services could not be restarted for the OpenSSL library "
+"upgrade:"
+msgstr ""
+"Aşağıdaki hizmetler OpenSSL kitaplıkları yükseltilirken yeniden "
+"başlatılamadı:"
 #. Type: error
 #. Description
 #: ../libssl1.0.0.templates:2001
-msgid "You will need to start these manually by running '/etc/init.d/ start'."
-msgstr " '/etc/init.d/ start' komutunu çalıştırarak bu hizmetleri elle başlatmalısınız."
-
+msgid ""
+"You will need to start these manually by running '/etc/init.d/ "
+"start'."
+msgstr ""
+" '/etc/init.d/ start' komutunu çalıştırarak bu hizmetleri elle "
+"başlatmalısınız."
+
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid "Restart services during package upgrades without asking?"
+msgstr ""
+"Hizmetler paket yükseltme işlemi esnasında size sorulmadan yeniden "
+"başlatılsın mı?"
+
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid ""
+"There are services installed on your system which need to be restarted when "
+"certain libraries, such as libpam, libc, and libssl, are upgraded. Since "
+"these restarts may cause interruptions of service for the system, you will "
+"normally be prompted on each upgrade for the list of services you wish to "
+"restart. You can choose this option to avoid being prompted; instead, all "
+"necessary restarts will be done for you automatically so you can avoid being "
+"asked questions on each library upgrade."
+msgstr ""
+"Sisteminizde libpam, libc ve libssl gibi bazı kitaplıklar yükseltildiğinde "
+"yeniden başlatılması gereken bazı hizmetler kurulu. 
Yeniden başlatma "
+"işlemleri sisteminizin sunduğu hizmetlerde kesintilere neden olabileceğinden "
+"dolayı her yükseltme işlemi esnasında yeniden başlatmak istediğiniz "
+"hizmetler size sorulacaktır. Eğer bu sorunun sorulmasını istemiyorsanız bu "
+"seçeneği kullanabilirsiniz. Bu seçenek seçildiği takdirde bir kitaplık "
+"yükseltmesi yapılırken gereken tüm yeniden başlatma işlemleri size "
+"sorulmaksızın otomatik olarak yapılacaktır."
diff -Nru openssl-1.1.1l/debian/po/uk.po openssl-1.1.1l/debian/po/uk.po
--- openssl-1.1.1l/debian/po/uk.po 1970-01-01 01:00:00.000000000 +0100
+++ openssl-1.1.1l/debian/po/uk.po 2021-02-23 22:43:42.000000000 +0100
@@ -0,0 +1,105 @@
+# translation of uk.po to Ukrainian
+#
+# Translators, if you are not familiar with the PO format, gettext
+# documentation is worth reading, especially sections dedicated to
+# this format, e.g. by running:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+# Some information specific to po-debconf are available at
+# /usr/share/doc/po-debconf/README-trans
+# or http://www.debian.org/intl/l10n/po-debconf/README-trans#
+# Developers do not need to manually edit POT or PO files.
+#
+# Eugeniy Meshcheryakov , 2004, 2006.
+msgid ""
+msgstr ""
+"Project-Id-Version: uk\n"
+"Report-Msgid-Bugs-To: openssl@packages.debian.org\n"
+"POT-Creation-Date: 2019-06-20 17:58+0100\n"
+"PO-Revision-Date: 2006-02-21 10:12+0200\n"
+"Last-Translator: Eugeniy Meshcheryakov \n"
+"Language-Team: Ukrainian\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.2\n"
+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
+"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
+
+#. Type: string
+#. Description
+#: ../libssl1.1.templates:1001
+msgid "Services to restart to make them use the new libraries:"
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../libssl1.1.templates:1001
+msgid ""
+"This release of OpenSSL fixes some security issues. Services will not use "
+"these fixes until they are restarted. Please note that restarting the SSH "
+"server (sshd) should not affect any existing connections."
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../libssl1.1.templates:1001
+msgid ""
+"Please check the list of detected services that need to be restarted and "
+"correct it, if needed. The services names must be identical to the "
+"initialization script names in /etc/init.d and separated by spaces. No "
+"services will be restarted if the list is empty."
+msgstr ""
+
+#. Type: string
+#. 
Description
+#: ../libssl1.1.templates:1001
+msgid ""
+"Any service that later fails unexpectedly after this upgrade should be "
+"restarted. It is recommended to reboot this host to avoid any SSL-related "
+"trouble."
+msgstr ""
+
+#. Type: error
+#. Description
+#: ../libssl1.1.templates:2001
+msgid "Failure restarting some services for OpenSSL upgrade"
+msgstr ""
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph containing
+#. a list of services that could not be restarted
+#: ../libssl1.1.templates:2001
+msgid ""
+"The following services could not be restarted for the OpenSSL library "
+"upgrade:"
+msgstr ""
+
+#. Type: error
+#. Description
+#: ../libssl1.1.templates:2001
+msgid ""
+"You will need to start these manually by running '/etc/init.d/ "
+"start'."
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid "Restart services during package upgrades without asking?"
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid ""
+"There are services installed on your system which need to be restarted when "
+"certain libraries, such as libpam, libc, and libssl, are upgraded. Since "
+"these restarts may cause interruptions of service for the system, you will "
+"normally be prompted on each upgrade for the list of services you wish to "
+"restart. You can choose this option to avoid being prompted; instead, all "
+"necessary restarts will be done for you automatically so you can avoid being "
+"asked questions on each library upgrade."
+msgstr ""
diff -Nru openssl-1.1.1l/debian/po/vi.po openssl-1.1.1l/debian/po/vi.po
--- openssl-1.1.1l/debian/po/vi.po 2021-06-23 18:54:25.000000000 +0200
+++ openssl-1.1.1l/debian/po/vi.po 2021-09-04 09:59:56.000000000 +0200
@@ -86,3 +86,22 @@
 msgstr ""
 "Vì thế bạn cần phải khởi chạy bằng tay, bằng cách chạy câu lệnh « /etc/init."
 "d/ start »."
+
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid "Restart services during package upgrades without asking?"
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid ""
+"There are services installed on your system which need to be restarted when "
+"certain libraries, such as libpam, libc, and libssl, are upgraded. Since "
+"these restarts may cause interruptions of service for the system, you will "
+"normally be prompted on each upgrade for the list of services you wish to "
+"restart. You can choose this option to avoid being prompted; instead, all "
+"necessary restarts will be done for you automatically so you can avoid being "
+"asked questions on each library upgrade."
+msgstr ""
diff -Nru openssl-1.1.1l/debian/po/zh_CN.po openssl-1.1.1l/debian/po/zh_CN.po
--- openssl-1.1.1l/debian/po/zh_CN.po 1970-01-01 01:00:00.000000000 +0100
+++ openssl-1.1.1l/debian/po/zh_CN.po 2021-02-23 22:43:42.000000000 +0100
@@ -0,0 +1,106 @@
+# Translators, if you are not familiar with the PO format, gettext
+# documentation is worth reading, especially sections dedicated to
+# this format, e.g. by running:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+#
+# Some information specific to po-debconf are available at
+# /usr/share/doc/po-debconf/README-trans
+# or http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+# Developers do not need to manually edit POT or PO files.
+#
+# Hiei Xu , 2004.
+# Carlos Z.F. Liu , 2004.
+# LI Daobing , 2007, 2008.
+#
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glibc 2.7-9\n"
+"Report-Msgid-Bugs-To: openssl@packages.debian.org\n"
+"POT-Creation-Date: 2019-06-20 17:58+0100\n"
+"PO-Revision-Date: 2008-02-28 23:44+0800\n"
+"Last-Translator: LI Daobing \n"
+"Language-Team: Chinese (Simplified) \n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: string
+#. Description
+#: ../libssl1.1.templates:1001
+msgid "Services to restart to make them use the new libraries:"
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../libssl1.1.templates:1001
+msgid ""
+"This release of OpenSSL fixes some security issues. Services will not use "
+"these fixes until they are restarted. Please note that restarting the SSH "
+"server (sshd) should not affect any existing connections."
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../libssl1.1.templates:1001
+msgid ""
+"Please check the list of detected services that need to be restarted and "
+"correct it, if needed. The services names must be identical to the "
+"initialization script names in /etc/init.d and separated by spaces. No "
+"services will be restarted if the list is empty."
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../libssl1.1.templates:1001
+msgid ""
+"Any service that later fails unexpectedly after this upgrade should be "
+"restarted. It is recommended to reboot this host to avoid any SSL-related "
+"trouble."
+msgstr ""
+
+#. Type: error
+#. Description
+#: ../libssl1.1.templates:2001
+msgid "Failure restarting some services for OpenSSL upgrade"
+msgstr ""
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph containing
+#. a list of services that could not be restarted
+#: ../libssl1.1.templates:2001
+msgid ""
+"The following services could not be restarted for the OpenSSL library "
+"upgrade:"
+msgstr ""
+
+#. Type: error
+#. Description
+#: ../libssl1.1.templates:2001
+msgid ""
+"You will need to start these manually by running '/etc/init.d/ "
+"start'."
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid "Restart services during package upgrades without asking?"
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../libssl1.1.templates:3001
+msgid ""
+"There are services installed on your system which need to be restarted when "
+"certain libraries, such as libpam, libc, and libssl, are upgraded. Since "
+"these restarts may cause interruptions of service for the system, you will "
+"normally be prompted on each upgrade for the list of services you wish to "
+"restart. You can choose this option to avoid being prompted; instead, all "
+"necessary restarts will be done for you automatically so you can avoid being "
+"asked questions on each library upgrade."
+msgstr ""
diff -Nru openssl-1.1.1l/debian/po/zh_TW.po openssl-1.1.1l/debian/po/zh_TW.po
--- openssl-1.1.1l/debian/po/zh_TW.po 2021-06-23 18:54:25.000000000 +0200
+++ openssl-1.1.1l/debian/po/zh_TW.po 2021-09-04 09:59:56.000000000 +0200
@@ -77,3 +77,22 @@ "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libssl1.1.templates:3001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" diff -Nru openssl-1.1.1l/debian/README.debian openssl-1.1.1l/debian/README.debian --- openssl-1.1.1l/debian/README.debian 2021-06-23 18:54:25.000000000 +0200 +++ openssl-1.1.1l/debian/README.debian 2021-09-04 09:59:44.000000000 +0200 @@ -11,14 +11,6 @@ eg: instead of `req` please call `openssl req` -TLS protovol version and RSA key size -------------------------------------- -The default system global policy is to support TLSv1.2+ and security level two. -Please see - https://www.openssl.org/docs/man1.1.1/man5/config.html - https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html#DEFAULT-CALLBACK-BEHAVIOUR -for configurations details of `MinProtocol' and `CipherString' in -/etc/ssl/openssl.cnf case you really require to support legacy systems. PATENT ISSUES ------------- diff -Nru openssl-1.1.1l/debian/rules openssl-1.1.1l/debian/rules --- openssl-1.1.1l/debian/rules 2021-08-24 10:31:34.000000000 +0200 +++ openssl-1.1.1l/debian/rules 2021-09-04 09:59:44.000000000 +0200 
@@ -12,6 +12,7 @@ include /usr/share/dpkg/pkg-info.mk export DEB_BUILD_MAINT_OPTIONS = hardening=+all future=+lfs +export DEB_CFLAGS_MAINT_APPEND = -DOPENSSL_TLS_SECURITY_LEVEL=2 SHELL=/bin/bash @@ -118,9 +119,11 @@ mkdir -p debian/tmp/etc/ssl mv debian/tmp/usr/lib/ssl/{certs,openssl.cnf,private} debian/tmp/etc/ssl/ ln -s /etc/ssl/{certs,openssl.cnf,private} debian/tmp/usr/lib/ssl/ +ifeq (,$(filter noudeb,$(DEB_BUILD_PROFILES))) cp -pf debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libcrypto.so.* debian/libcrypto1.1-udeb/usr/lib/ cp -pf debian/tmp/etc/ssl/openssl.cnf debian/libcrypto1.1-udeb/usr/lib/ssl/openssl.cnf cp -pf debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libssl.so.* debian/libssl1.1-udeb/usr/lib/ +endif cp -auv build_shared/lib*.so* debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/ for opt in $(OPTS); \ do set -xe; \ @@ -139,6 +142,15 @@ fi dh_fixperms -a -X etc/ssl/private +override_dh_compress: + dh_compress + # symlink doc files + for p in openssl libssl-dev; do \ + for f in changelog.Debian.gz changelog.gz copyright; do \ + ln -sf ../libssl1.1/$$f debian/$$p/usr/share/doc/$$p/$$f; \ + done; \ + done + override_dh_perl: dh_perl -d diff -Nru openssl-1.1.1l/debian/tests/control openssl-1.1.1l/debian/tests/control --- openssl-1.1.1l/debian/tests/control 2021-06-23 18:54:25.000000000 +0200 +++ openssl-1.1.1l/debian/tests/control 2021-09-04 09:59:44.000000000 +0200 @@ -1,3 +1,3 @@ Tests: run-25-test-verify -Depends: openssl, perl +Depends: openssl, perl:native Restrictions: rw-build-tree, allow-stderr
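Review bot: The added `export DEB_CFLAGS_MAINT_APPEND = -DOPENSSL_TLS_SECURITY_LEVEL=2` line has no comment, and the README.debian hunk earlier in this diff deletes the section that described the default TLS policy, so nothing next to the build rules says where level 2 now comes from or how to lower it. I would add above it `# Compiled-in default TLS security level; lower per application with SSL_CTX_set_security_level() or ':@SECLEVEL=1' in CipherString.` The define only reaches the compiler if the rest of debian/rules passes the dpkg-buildflags CFLAGS on to the OpenSSL build, which this hunk does not show, so that wiring is worth confirming on the built library.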
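Review bot: The new `ifeq (,$(filter noudeb,$(DEB_BUILD_PROFILES)))` … `endif` pair sits uncommented in the middle of a recipe, where a make conditional is decided when the file is parsed rather than when the commands run. Both lines must not begin with a tab, or make would hand them to the shell as commands; the page has lost its indentation, so that cannot be confirmed here. I would put `# stage the udeb payload only when the noudeb build profile is not set` on the line before the `ifeq`. The recipe these lines belong to starts above the hunk and continues below it.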
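Review bot: In the new `override_dh_compress` recipe a failing `ln -sf` goes unnoticed unless it is the very last one, because the exit status of the nested `for` loops is that of the final command only. The `for opt in $(OPTS)` loop visible in the previous hunk already guards against this with `set -xe`, and the same is needed here: `set -e; for p in openssl libssl-dev; do \`. The links point to `../libssl1.1/`, so `copyright` and the changelogs in both packages resolve only while libssl1.1 is installed; the dependency that guarantees this would be declared in debian/control, which this diff does not show.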